NIST’s 5 Steps to initiate and/or integrate NIST Cybersecurity Framework 2.0 at your organization

This video features Allen Keele, a principal and lead instructor at Certified Information Security, who outlines the five steps NIST recommends for initiating or integrating the NIST Cybersecurity Framework 2.0 into an organization's cybersecurity program. He emphasizes the importance of understanding the organization's current cybersecurity state and its target state under NIST CSF 2.0.

The video also discusses the maturity scale levels provided by the Cybersecurity and Infrastructure Security Agency (CISA) for assessing conformance, ranging from planned to managed, measured, and defined. Additionally, Keele explains the hierarchical structure of NIST CSF 2.0, which comprises six functions, 22 categories, and 106 subcategories, with 363 recommended implementation tasks. He provides insights into assigning roles and responsibilities, creating a RACI matrix, and assessing the completion maturity of actions.

  • 00:00 Introduction to NIST CSF 2.0
    • Allen Keele introduces the NIST Cybersecurity Framework 2.0
    • Outlines the five steps for integrating the framework into an organization
    • Emphasizes scoping and gathering information as the initial steps

  • 02:08 Understanding Maturity Scale Levels
    • Explains the maturity scale levels for assessing conformance
    • Describes the range from planned to managed, measured, and defined
    • Highlights the importance of assigning tasks to the right people

  • 02:36 Structure of NIST CSF 2.0
    • Breaks down the framework into functions, categories, and subcategories
    • Discusses the 106 subcategories and 363 recommended implementation tasks
    • Stresses the need for clear objectives and control objectives

  • 09:22 Assigning Roles and Responsibilities
    • Guides on creating a RACI matrix for roles and responsibilities
    • Provides a detailed explanation of the RACI matrix components
    • Discusses the importance of documenting and measuring performance

  • 09:30 Screen demonstration of the CIS (Certified Information Security) NIST Cybersecurity Framework 2.0 Roles and Responsibilities RACI Matrix & CSF 2.0 Profile Audit Tool
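The RACI matrix and maturity assessment outlined above can be prototyped in a few dozen lines. The Python below is an added example, not the CIS Profile Audit Tool demonstrated in the video: it parses the real CSF 2.0 identifier scheme (FUNCTION.CATEGORY-NN, for example ID.AM-01) to rebuild the function/category/subcategory hierarchy, checks each task's RACI row (exactly one Accountable, at least one Responsible, only R/A/C/I letters), and rolls the weakest task maturity up to category and function. The task identifiers, role names, sample rows, and the numeric ranking of the four levels named in the summary are constructed assumptions.

```python
"""Toy NIST CSF 2.0 profile audit: RACI validation plus maturity roll-up.

Added example; not the CIS Profile Audit Tool shown in the video.
Assumptions: task identifiers, role names, sample rows and the numeric
ranks of the maturity levels are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# The four levels the page lists, in the order given; the rank numbers are an
# assumption used only so the weakest level can be selected with min().
MATURITY_RANK: Dict[str, int] = {"planned": 1, "managed": 2, "measured": 3, "defined": 4}
RANK_TO_LEVEL = {rank: level for level, rank in MATURITY_RANK.items()}


@dataclass(frozen=True)
class Task:
    task_id: str            # constructed, e.g. "ID.AM-01.T1"
    subcategory: str        # real CSF 2.0 identifier scheme: FUNCTION.CATEGORY-NN
    raci: Dict[str, str]    # role -> "R", "A", "C" or "I"
    maturity: str           # one of the keys of MATURITY_RANK


def split_identifier(subcategory: str) -> Tuple[str, str]:
    """'ID.AM-01' -> ('ID', 'ID.AM'): function and category from a subcategory ID."""
    category, _, number = subcategory.partition("-")
    function, _, _ = category.partition(".")
    if not (function and "." in category and number.isdigit()):
        raise ValueError(f"malformed subcategory identifier: {subcategory!r}")
    return function, category


def validate_raci(task: Task) -> List[str]:
    """Findings for one RACI row; an empty list means the row is well-formed.

    Rules applied: only R/A/C/I letters, exactly one Accountable,
    at least one Responsible, and the maturity level must be on the scale.
    """
    findings: List[str] = []
    letters = list(task.raci.values())
    unknown = sorted(set(letters) - set("RACI"))
    if unknown:
        findings.append(f"{task.task_id}: unknown RACI letter(s) {unknown}")
    if letters.count("A") != 1:
        findings.append(f"{task.task_id}: expected exactly one Accountable, found {letters.count('A')}")
    if "R" not in letters:
        findings.append(f"{task.task_id}: no Responsible role assigned")
    if task.maturity not in MATURITY_RANK:
        findings.append(f"{task.task_id}: maturity {task.maturity!r} not on scale")
    return findings


def rollup(tasks: List[Task]) -> Dict[str, str]:
    """Roll task maturity up to subcategory, category and function.

    Design choice (assumption): each node inherits the weakest task beneath it,
    so a single 'planned' task keeps its whole function at 'planned'.
    Tasks whose maturity is off the scale are skipped; validate_raci reports them.
    """
    worst: Dict[str, int] = {}
    for t in tasks:
        rank = MATURITY_RANK.get(t.maturity)
        if rank is None:
            continue
        function, category = split_identifier(t.subcategory)
        for node in (t.subcategory, category, function):
            worst[node] = min(rank, worst.get(node, rank))
    return {node: RANK_TO_LEVEL[rank] for node, rank in worst.items()}


# Constructed sample rows (not real audit data). Subcategory IDs follow the
# CSF 2.0 scheme; the .T# suffixes and role names are invented for the example.
SAMPLE_TASKS: List[Task] = [
    Task("GV.OC-01.T1", "GV.OC-01", {"CEO": "A", "CISO": "A", "Legal": "R"}, "measured"),
    Task("ID.AM-01.T1", "ID.AM-01", {"CISO": "A", "IT Ops": "R", "Security": "C"}, "measured"),
    Task("ID.AM-01.T2", "ID.AM-01", {"CISO": "A", "IT Ops": "R"}, "planned"),
    Task("PR.AA-01.T1", "PR.AA-01", {"CISO": "A", "IAM Team": "R", "HR": "I"}, "defined"),
    Task("DE.CM-01.T1", "DE.CM-01", {"SOC Lead": "R", "SOC": "R"}, "managed"),
]


def audit(tasks: List[Task] = SAMPLE_TASKS) -> Tuple[List[str], Dict[str, str]]:
    """Return (RACI findings, maturity roll-up) for a set of tasks."""
    findings = [f for t in tasks for f in validate_raci(t)]
    return findings, rollup(tasks)


if __name__ == "__main__":
    found, levels = audit()
    for f in found:
        print("FINDING:", f)
    for node in sorted(levels):
        print(f"{node:12} {levels[node]}")
```

Run as a script, the sample data produces two RACI findings (GV.OC-01.T1 has two Accountable roles, DE.CM-01.T1 has none) and shows the Identify function held at "planned" by its weakest task, which is the kind of gap an audit tool should surface before the profile is signed off.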

Authors

Allen Keele (Moderator)

For over 25 years, I've worked at the intersection of governance, risk, and cybersecurity. As Principal of Certified Information Security (CIS), I've advised Fortune 500 companies, enterprises, and heavily regulated industries (banks, governments) worldwide on implementing and sustaining:

  • ISO 27001 Information Security Management Systems
  • NIST Cybersecurity Framework (CSF 2.0) programs
  • Enterprise Risk & Compliance strategies based on ISO 31000, ISO 37301, and ISO 22301

Highlights include:

►  4,000+ leaders and practitioners trained & certified in GRC and cybersecurity frameworks
►  40+ digital and live training programs used by corporate teams and government agencies globally
►  Enterprise engagements with organizations such as Amazon, the NSA, and dozens of central banks
►  Authored 7 books on enterprise risk, cybersecurity, and governance frameworks

My focus is helping organizations bridge the gap between policy and operational reality in information security, enterprise risk, and compliance.

Whenever you’re ready, here’s how I can help:

1️⃣ Executive & Practitioner Training – train & certify your team in NIST CSF 2.0, ISO 27001, ISO 31000, ISO 22301.

2️⃣ Rapid ISO 27001 & NIST CSF 2.0 Readiness Assessments – pinpoint gaps and accelerate compliance.

3️⃣ Enterprise GRC Program Design – build practical governance and risk management systems that last.

Explore programs at www.certifiedinfosec.com or drop me a message to arrange a quick discovery call.

Contact: https://www.certifiedinfosec.com/home/contact-us; +1 (904) 406-4311.
