🇺🇸 Live Workplace Safety & WHS/OHS

NIST Cybersecurity Framework 2.0

Provides a voluntary framework of cybersecurity outcomes organized around six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Applicable to organizations of all sizes and sectors seeking to manage cybersecurity risk.

View official source document

6

Rules extracted

103

Obligations decomposed

17.2x

Avg obligations per rule

🇺🇸 United States

Jurisdiction

What AuditDSS covers

Source

1

Regulation

Extracted

6

Rules

Decomposed

103

Obligations

17.2x

Decomposition ratio

Each rule is decomposed into an average of 17.2 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 103 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in NIST CSF 2.0 is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
NIST Cybersecurity Framework 2.0
Regulatory body
National Institute of Standards and Technology
Jurisdiction
🇺🇸 United States
Document type
framework
Effective date
February 26, 2024
Issuing authority
National Institute of Standards and Technology (NIST)
Industry
Workplace Safety & WHS/OHS
Official source
View source document ↗

Who this applies to

all organizationscritical infrastructure operatorsfederal agenciesgovernment contractors

Key requirements

  • govern function
  • identify function
  • protect function
  • detect function
  • respond function
  • recover function
  • supply chain risk management
  • continuous improvement

Frequently asked questions about NIST CSF 2.0

What is NIST CSF 2.0?
Provides a voluntary framework of cybersecurity outcomes organized around six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Applicable to organizations of all sizes and sectors seeking to manage cybersecurity risk.

Who does NIST CSF 2.0 apply to?
NIST CSF 2.0 applies to all organizations, critical infrastructure operators, federal agencies, government contractors.

How many obligations does NIST CSF 2.0 contain?
AuditDSS has decomposed NIST CSF 2.0 into 103 atomic obligations from 6 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of NIST CSF 2.0?
The key requirements include: govern function, identify function, protect function, detect function, respond function, recover function, supply chain risk management, continuous improvement.

How can I assess my NIST CSF 2.0 compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 103 NIST CSF 2.0 obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces NIST CSF 2.0?
NIST CSF 2.0 is enforced in United States by National Institute of Standards and Technology.

When did NIST CSF 2.0 come into effect?
NIST CSF 2.0 became effective on February 26, 2024.

What industry does NIST CSF 2.0 apply to?
NIST CSF 2.0 is primarily relevant to the Workplace Safety & WHS/OHS industry. AuditDSS covers 45 regulations in this industry sector.

Build a NIST CSF 2.0 compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for NIST CSF 2.0 — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering NIST CSF 2.0 requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine NIST CSF 2.0 with other regulations into a single unified compliance pack for your business.

Build NIST CSF 2.0 compliance pack

Already have a policy? Assess it against NIST CSF 2.0

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 103 obligations

Your document is scored against every obligation in NIST CSF 2.0. Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Workplace Safety & WHS/OHS

🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Modern Slavery Act 2018

9 rules, 135 obligations
🇦🇺 Live

Privacy Act 1988

29 rules, 203 obligations
🇦🇺 Live

Model WHS Act

10 rules, 41 obligations
🇺🇸 Live

CCPA/CPRA

46 rules, 572 obligations
🇺🇸 Live

EPA Lead RRP

47 rules, 1,220 obligations
🇺🇸 Live

ERISA Fiduciary

26 rules, 920 obligations

Assess your NIST CSF 2.0 compliance

Upload your document and get a risk-scored gap analysis against 103 NIST CSF 2.0 obligations in under 5 minutes.

Start assessment Browse all regulations