What changed in CSF 2.0?

It introduced the "Govern" function, putting cyber risk governance alongside the existing Identify, Protect, Detect, Respond and Recover functions.

Can I show current vs target state to a client's board?

Yes — Viciora builds current and target profiles and board-ready risk reports.

NIST CSF 2.0 software for advisors and MSPs

The updated NIST Cybersecurity Framework gives you a flexible way to communicate cyber risk to leadership. Viciora turns it into profiles, scores and board-ready reporting.

What it requires

The NIST Cybersecurity Framework is a voluntary, flexible reference for managing cyber risk. Version 2.0 added a new "Govern" function alongside Identify, Protect, Detect, Respond and Recover, making it easier to communicate cyber risk to executives and boards.

How Viciora handles it

Govern / Identify / Protect / Detect / Respond / Recover
Profile creation (current vs target state)
Tier-based maturity scoring
Board-ready cyber risk reporting
Cross-mapping to ISO 27001 & DORA

Works with your other frameworks

NIST CSF 2.0 sits naturally alongside the rest of your stack — share evidence, controls and mappings across:

See NIST CSF 2.0 managed across every client

Book a 30-minute demo and we’ll walk through it with a real client scenario.

Book a demo

Frequently asked questions

What changed in CSF 2.0?: It introduced the "Govern" function, putting cyber risk governance alongside the existing Identify, Protect, Detect, Respond and Recover functions.
Can I show current vs target state to a client's board?: Yes — Viciora builds current and target profiles and board-ready risk reports.

← Back to all frameworks