Security
NIST Cybersecurity Framework 2.0
Voluntary, US-government-blessed taxonomy for cybersecurity programs. The 2.0 revision (Feb 2024) added a 'Govern' function alongside the original Identify / Protect / Detect / Respond / Recover.
What it is
NIST CSF 2.0 is a free, voluntary framework organising cybersecurity outcomes into six Functions, 22 Categories, and 100+ Subcategories. It is designed to be sector-agnostic and is widely used by US federal agencies and contractors.
Why it matters
Useful as a cross-walk: most other frameworks (ISO 27001, SOC 2, CIS Controls) map to CSF. If you need to answer 'what's our security posture?' in board-level terms, CSF gives you the vocabulary.
Who it applies to
US-based organizations, federal contractors, or anyone needing a cross-walk between security frameworks.
- Jurisdictions: United States
How WQI scores it
Web Quality Index considers this standard satisfied when the supporting factor passes.
| # | Factor | Status |
|---|---|---|
| 4 | Security headers (HSTS, CSP, X-Frame-Options, Referrer-Policy, Permissions-Policy, X-Content-Type-Options) | live |
Related standards
- See also: SOC 2, ISO 27001, OWASP Top 10
Standards that share factors with this one
Auto-computed from overlapping factor tickets in satisfiedBy, excluding standards already listed under "See also" above. Strong overlap suggests these standards rise and fall together when sites are scored.
Other references
- Spec: NIST CSF 2.0 (PDF)