NIST CSF 2.0
The NIST Cybersecurity Framework version 2.0 — six functions (Govern, Identify, Protect, Detect, Respond, Recover) with broad global adoption.
Voluntary for any organisation.
Continuous evidence pipeline available; audit support included for all customers.
What NIST CSF actually requires.
These are the obligations a regulated entity owes — the things an assessor or supervisor will ask about.
Six functions: Govern, Identify, Protect, Detect, Respond, Recover.
Implementation tiers and target profiles.
Pre-mapped controls. Continuous evidence.
Each requirement above is bound to live telemetry — not screenshots. The mapping below is what your auditor or regulator sees.
CSF 2.0 profile builder with subcategory-level evidence.
Crosswalks to ISO 27001, SOC 2, and PCI-DSS.
Artifacts your auditor accepts.
Each evidence artifact is signed and timestamped. Auditors can verify integrity without trusting Safeguard.
Current and target profile comparison.
Per-subcategory evidence binding.
One evidence base. Many regulators.
These frameworks share substantial control overlap with NIST CSF. Customers running one assessment typically satisfy the others with the same evidence base.
ISO/IEC 27001:2022
Cross-jurisdictional
The global Information Security Management System standard, updated in 2022 with 93 Annex A controls in four themes.
NIST SP 800-53
North America
The canonical federal information system controls catalogue — the source for FedRAMP, FISMA, and most US sovereign baselines.
NIST SP 800-218 (SSDF)
North America
The Secure Software Development Framework that backs EO 14028, the CISA attestation form, and most modern software supply-chain mandates.
Ready for NIST CSF?
Bring the framework. We'll walk the controls with you — section by section, evidence packet by evidence packet, with the regulators you actually have to answer to.