NIST
· 9 min readNIST CSF 2.0 — Why the New Govern Function Reframes Your Programme
The sixth function, organisational profiles, and how CSF 2.0 finally becomes usable outside critical infrastructure.
Published 8 February 2026 · Updated 27 May 2026
Govern is not a new domain — it's a lens
CSF 2.0 adds Govern alongside Identify, Protect, Detect, Respond and Recover. It formalises risk-management strategy, roles, policy, oversight and supply chain governance as first-class outcomes.
Building an organisational profile
The Current/Target profile pattern lets non-critical-infrastructure organisations use CSF pragmatically for the first time, without pretending to be a nuclear operator.
Engage CHNYD Trace
Talk to a partner about NIST — scoping calls are complimentary.
Request consultation →