NIST Cybersecurity Framework
A risk-based framework structured around six functions - Govern, Identify, Protect, Detect, Respond and Recover.
What NIST CSF 2.0 actually is.
The NIST CSF is a voluntary, outcome-based framework used worldwide to describe and manage cybersecurity risk. Version 2.0 introduced the Govern function alongside the original five, bringing board-level accountability, risk management and supply-chain risk into the core. The CSF is one of the permitted cybersecurity frameworks under the Australian CIRMP Rules, and it serves as a common language between security teams, auditors and executives.
Who it applies to: any organisation. It is often adopted as a governance backbone by Australian regulated entities that need a common structure across the ISM, Essential Eight, ISO 27001 and PCI DSS.
The control areas the framework covers.
Summary of the control families and outcomes the framework drives. Always validate against the official publication for the authoritative wording.
01 Govern (GV) - Establish, communicate and monitor the cybersecurity risk-management strategy, expectations and policy.
02 Identify (ID) - Determine current cybersecurity risk to the organisation, including assets, risks and governance context.
03 Protect (PR) - Safeguards to manage cybersecurity risks through access control, awareness and data security.
04 Detect (DE) - Find and analyse possible cybersecurity attacks and compromises through continuous monitoring.
05 Respond (RS) - Take action regarding a detected cybersecurity incident through containment, communications and analysis.
06 Recover (RC) - Restore assets and operations impacted by a cybersecurity incident through recovery planning and improvement.
Read it from the issuing body.
For anything with a regulator or certification body behind it, the authoritative text is what counts - not our summary.
NIST Cybersecurity Framework
nist.gov/cyberframework
Content on this page is a plain-language summary for programme planning. It is not legal or regulatory advice, and it does not replace a current copy of the issuer's publication.
How Vectra delivers against NIST CSF 2.0.
Assessment, engineering and operational services that line up with the framework's control areas.
Virtual CISO
Fractional security leadership embedded with your executive team.
Managed Detection & Response
Sovereign Australian XDR powered by nine global SOCs, AWS Australia hosting and 24x7 human-verified response.
Penetration Testing
Find it before the attackers do - CREST-certified engagements that deliver actionable findings, not compliance checkboxes.
Incident Response Retainer
Contracted response hours with defined SLAs - containment in minutes, not days.
Where NIST CSF 2.0 shows up.
Sectors where Vectra most commonly applies this framework. Click through for the industry-specific program view.
Critical Infrastructure
SOCI Act-aligned OT/ICS cybersecurity for energy, water, telecommunications, transport and data-storage operators.
Banking & Finance
APRA CPS 234 and CPS 230 aligned cybersecurity for banks, insurers, superannuation funds and RSE licensees.
Healthcare & Pharma
Cybersecurity for hospitals, health services, life-sciences and aged care - where patient safety and sensitive health data never pause.
eCommerce & Retail
PCI DSS 4.0, bot defence and checkout-fraud protection for retailers, marketplaces and D2C brands.
Security, engineered around you.
Talk to an engineer - not a call centre. Most Vectra conversations start with a 30-minute technical briefing and end with a written plan.