NIST CSF 2.0 · Updated February 2024

NIST Cybersecurity Framework 2.0 Assessment for MSPs

📜 Official source: NIST Cybersecurity Framework 2.0

Automate NIST CSF 2.0 assessments across all 6 functions — including the new Govern function. Continuous external and internal monitoring mapped to NIST categories, with PDF reports for every client.

NIST CSF 2.0 Assessment · v2.0 · 2024
GV · Govern · New in 2.0
ID · Identify · 82% pass
PR · Protect · 76% pass
DE · Detect · 91% pass
RS · Respond · 68% pass
RC · Recover · 79% pass

What Changed in CSF 2.0

NIST CSF 2.0 vs 1.1 — Key Differences

CSF 2.0 was released February 2024. Here's what changed and how SBCMSP covers the new requirements.

NEW · Govern (GV) function added — A new sixth function focused on organizational context, risk strategy, roles, policy, and supply chain risk. NIST CSF 2.0 now explicitly requires governance controls, not just technical ones.
Updated · Supply chain risk management — GV.SC subcategory is new and extensive. Covers identification of critical suppliers, third-party dependency mapping, and supply chain incident response.
NEW · Broader applicability — CSF 2.0 explicitly targets all organizations, not just critical infrastructure. Better fit for commercial clients, SaaS companies, and small businesses.
Updated · Tiers reframed — Tiers 1-4 now describe the rigor of cybersecurity risk governance practices rather than maturity levels. Tier 4 is now achievable for smaller organizations.
Updated · Profiles enhanced — Current and Target Profiles now have formal implementation examples. NIST published community profiles for specific sectors.

SBCMSP CSF 2.0 Coverage
SBCMSP automates the technical subcategories across all 6 CSF 2.0 functions. The new GV (Govern) function is partially covered through external checks for organizational exposure.
GV — Govern: Partial
ID — Identify: Automated
PR — Protect: Automated
DE — Detect: Automated
RS — Respond: Partial
RC — Recover: Partial

The 6 Functions

Full Coverage Across NIST CSF 2.0

Each function maps to specific SBCMSP checks — external scanner findings, internal agent results, and M365 assessment data.

GV · New in 2.0
Govern
Organizational context, risk strategy, roles, policy, oversight, and supply chain risk management.
Partial — policy documentation
ID · Identify
Identify
Asset management, risk assessment, improvement. Subdomain discovery, port inventory, third-party resource fingerprinting.
✓ Automated — ASM checks
PR · Protect
Protect
Identity management, awareness training, data security, platform security, technology infrastructure resilience.
✓ Automated — 60+ checks
DE · Detect
Detect
Continuous monitoring and adverse event analysis. Daily scans detect configuration drift and new vulnerabilities.
✓ Automated — daily scans
RS · Respond
Respond
Incident response management, analysis, mitigation, and reporting. Alerting and remediation tracking.
Partial — alerts + tracking
RC · Recover
Recover
Incident recovery execution and communication. Backup status checks via internal agent.
Partial — backup checks
MSP Features

NIST CSF 2.0 Built for MSP Workflows

📋
CSF 2.0 PDF Reports
Generate NIST CSF 2.0 reports with your MSP branding showing function-level scores, failing subcategories, and remediation guidance. Updated for 2.0's 6-function structure including Govern.
🔄
Continuous Monitoring
NIST CSF emphasizes continuous monitoring as a core practice. SBCMSP's daily scans create an ongoing detection capability — directly satisfying DE.CM subcategory requirements.
📊
Current vs Target Profile
CSF 2.0 uses Current and Target Profiles to track improvement. SBCMSP's score trend shows your client's journey from their current posture toward their compliance target over time.

Start NIST CSF 2.0 Assessments Today

Add your first client domain in 2 minutes. Free 14-day trial, no credit card required.
