NIST CSF 2.0
NIST Cybersecurity Framework 2.0
Voluntary NIST framework adopted globally as a common language to describe cybersecurity maturity and capabilities. Version 2.0 (2024) introduces the GOVERN function and extends coverage to all organisations - not only US critical infrastructure.
- 01GOVERN: governance, risk strategy, roles and responsibilities
- 02IDENTIFY: asset management, business environment, risk assessment
- 03PROTECT: access control, data security, protective technology
- 04DETECT: anomalies, continuous monitoring, detection processes
- 05RESPOND + RECOVER: planning, communications, mitigation, recovery
MON5 directly covers the IDENTIFY (asset management, communications, vulnerability identification) and DETECT (anomaly detection, continuous monitoring) functions on the OT perimeter. The evidence produced supports GOVERN (management reporting) and RESPOND (event correlation, EPSS-driven prioritisation).
- →ID.AM - Asset Management on the OT network
- →ID.RA - Risk Assessment based on CVE + EPSS
- →DE.CM - Continuous monitoring of industrial traffic
- →DE.AE - Real-time anomaly detection
- →Dashboards and reports supporting GOVERN and RESPOND
Let's figure out what you really need.
Show us the OT perimeter and the regulations you need to cover: we will tell you what MON5 documents directly, where complementary work is needed, and which tier to start from - no hard selling.