All insights
NIST
· 9 min read

NIST CSF 2.0 — Why the New Govern Function Reframes Your Programme

The sixth function, organisational profiles, and how CSF 2.0 finally becomes usable outside critical infrastructure.

Published 8 February 2026 · Updated 27 May 2026

Govern is not a new domain — it's a lens

CSF 2.0 adds Govern alongside Identify, Protect, Detect, Respond and Recover. It formalises risk-management strategy, roles, policy, oversight and supply chain governance as first-class outcomes.

Building an organisational profile

The Current/Target profile pattern lets non-critical-infrastructure organisations use CSF pragmatically for the first time, without pretending to be a nuclear operator.

Engage CHNYD Trace

Talk to a partner about NIST — scoping calls are complimentary.

Request consultation →