NIST CSF 2.0 compliance, from partial to adaptive.
The NIST Cybersecurity Framework is the most referenced US cybersecurity guidance. ONTRACE.AI will map your controls, track maturity across all six functions, and identify gaps — continuously, not annually.
Framework Overview
What is the NIST Cybersecurity Framework?
The NIST CSF, published by the US National Institute of Standards and Technology, is a voluntary guidance framework for improving cybersecurity risk management. Version 2.0 (released February 2024) expanded the scope beyond critical infrastructure to all organisations, and added a sixth function: Govern.
Not prescriptive
The CSF describes outcomes, not specific controls — giving organisations flexibility in implementation.
Risk-based approach
Built on risk management principles — start with your highest risks, not the most comprehensive checklist.
Universally applicable
CSF 2.0 applies to organisations of any size, sector, or cybersecurity maturity level — US or global.
CSF 2.0 Core Functions
Six functions. One unified framework.
Govern
New in CSF 2.0. Establishes organisational context, risk management strategy, supply chain risk management, and roles and responsibilities.
Identify
Understand the cybersecurity risk to systems, assets, data, and capabilities. Asset management, business environment, risk assessment.
Protect
Develop and implement safeguards to ensure delivery of critical services. Access control, awareness training, data security, platform security.
Detect
Develop and implement activities to identify cybersecurity events. Continuous monitoring and anomaly detection.
Respond
Develop and implement activities to take action regarding a detected cybersecurity incident. Incident management, analysis, mitigation.
Recover
Identify activities to maintain resilience and restore capabilities after a cybersecurity incident.
ONTRACE.AI NIST CSF Support
Map, measure, and improve — autonomously.
Risk-Based Alignment
ONTRACE.AI maps your existing controls to CSF 2.0 functions, identifying gaps and prioritising improvements based on your actual risk posture — not just a checkbox.
Maturity Assessment
Track your implementation tier across all six functions, visualising progress from partial to adaptive cybersecurity risk management maturity.
Continuous Monitoring
The Detect function requires ongoing monitoring. ONTRACE.AI automates anomaly detection and continuous control effectiveness measurement across your environment.
Incident Response Integration
The Respond and Recover functions are mapped to ONTRACE.AI's incident management workflows, ensuring your response capabilities meet CSF expectations.