Julian Pablo
Old Dominion University
Professor Skip Hiser
16 February 2026
Understanding the Differences between the NIST Cybersecurity Framework 1.1 and 2.0
Differance of NIST Frameworks
BLUF: The NIST Cybersecurity 2.0 frameworks improves upon its predecessor by giving more emphasis on areas like governance and supply chain and adding much more clarity to understanding and broader implementation of the framework.
Originally the NIST 1.1 framework only have had 5 core functions including Identify, Protect, Detect, Respond, Recover. These were all crucial areas, but it felt like there was one area that was also crucial but neglected.
That area would soon become known as Governance; it focuses on the need for leadership and assignment of roles and strategies. These were somewhat touched upon the old framework, but the 2nd version of the framework actually focuses on this area.
The new framework also decided to focus on areas like supply chain management under the governance function. This focused on how to handle area like vendors and third-party management.
The framework was also renamed from “Framework for Improving Critical Infrastructure Cybersecurity” to “Cybersecurity Framework”. This allows for much broader application of the framework to any businesses either big or small.
The last thing the framework did was add much more clarity to the entire framework. They did this by reorganizing and condensing much of the categories and subcategories for better understanding. This also include better examples into how to implement the framework itself.
Overall, the new framework greatly improved upon the older version. It gives much more focus on areas not covered in the originally and provides more clarity to the readers. The NIST framework improved to a degree where it can be used by about any organization.