---
title: "Blog posts from nist csf"
description: ""
url: "https://www.certifiedinfosec.com/resources/blog/tag/9"
date: "2026-07-17T21:43:07+00:00"
language: "en-GB"
---

#  [ NIST CSF 2.0 supersedes CAT for FFIEC cybersecurity compliance. Don't get caught out this August. ](https://www.certifiedinfosec.com/resources/blog/10-nist-csf-2-0-supersedes-cat-for-ffiec-cybersecurity-compliance-dont-get-caught-out-this-august)

 [  ](#)- [ Print](https://www.certifiedinfosec.com/resources/blog/print/10-nist-csf-2-0-supersedes-cat-for-ffiec-cybersecurity-compliance-dont-get-caught-out-this-august "Print")

- [ PDF](https://www.certifiedinfosec.com/resources/blog/pdf/10-nist-csf-2-0-supersedes-cat-for-ffiec-cybersecurity-compliance-dont-get-caught-out-this-august "PDF")
- [ Subscribe](https://www.certifiedinfosec.com/javascript:void(0) "Subscribe")
- By [Allen Keele (Moderator)](https://www.certifiedinfosec.com/resources/blog/author/7773-moderator)  , on May 10, 2025 20:03
- [](https://www.certifiedinfosec.com/resources/blog/10-nist-csf-2-0-supersedes-cat-for-ffiec-cybersecurity-compliance-dont-get-caught-out-this-august#comments)
- [ **Leave a comment** ](https://www.certifiedinfosec.com/resources/blog/10-nist-csf-2-0-supersedes-cat-for-ffiec-cybersecurity-compliance-dont-get-caught-out-this-august)
- 2 min read

  [ ![NIST CSF 2.0 supersedes CAT for FFIEC cybersecurity compliance. Don't get caught out this August.](https://www.certifiedinfosec.com/components/com_rsblog/assets/images/blog/10.jpg?nocache=6a5aa1eb9b582) ](https://www.certifiedinfosec.com/resources/blog/10-nist-csf-2-0-supersedes-cat-for-ffiec-cybersecurity-compliance-dont-get-caught-out-this-august)

 The [FFIEC is retiring its Cybersecurity Assessment Tool (CAT) by August 31, 2025](https://www.ffiec.gov/resources/cat#:~:text=The%20FFIEC%20will%20remove%20the%20CAT%20from,Infrastructure%20Security%20Agency%27s%20(CISA)%20Cybersecurity%20Performance%20Goals), and recommends that financial institutions transition to the **NIST Cybersecurity Framework 2.0 (CSF 2.0)** as an alternative. This shift is driven by the need for more updated and comprehensive cybersecurity frameworks as threats evolve. **Time is running out for supervised financial institutions to transition to deploy and assess cybersecurity according to NIST CSF 2.0.**

## Why the change?

The FFIEC determined that the CAT, while helpful, wasn't being updated to reflect newer government resources like NIST CSF 2.0 and CISA's (U.S. Department of Homeland Security's Cybersecurity and

 [ Read more ](https://www.certifiedinfosec.com/resources/blog/10-nist-csf-2-0-supersedes-cat-for-ffiec-cybersecurity-compliance-dont-get-caught-out-this-august)

 - Posted in:
- [Blog](https://www.certifiedinfosec.com/resources/blog/category/3-blog),
- [Cybersecurity](https://www.certifiedinfosec.com/resources/blog/category/4-cybersecurity)
- Tagged with:
- [cybersecurity](https://www.certifiedinfosec.com/resources/blog/tag/1-cybersecurity),
- [information security](https://www.certifiedinfosec.com/resources/blog/tag/3-information-security),
- [nist csf](https://www.certifiedinfosec.com/resources/blog/tag/9-nist-csf),
- [privacy](https://www.certifiedinfosec.com/resources/blog/tag/10-privacy),
- [cybersecurity framework](https://www.certifiedinfosec.com/resources/blog/tag/11-cybersecurity-framework)

   #  [ NIST’s 5 Steps to initiate and/or integrate NIST Cybersecurity Framework 2.0 at your organization ](https://www.certifiedinfosec.com/resources/blog/2-how-to-assign-nist-cybersecurity-framework-2-0-roles-and-responsibilities-in-a-raci-matrix)

 [  ](#)- [ Print](https://www.certifiedinfosec.com/resources/blog/print/2-how-to-assign-nist-cybersecurity-framework-2-0-roles-and-responsibilities-in-a-raci-matrix "Print")

- [ PDF](https://www.certifiedinfosec.com/resources/blog/pdf/2-how-to-assign-nist-cybersecurity-framework-2-0-roles-and-responsibilities-in-a-raci-matrix "PDF")
- [ Subscribe](https://www.certifiedinfosec.com/javascript:void(0) "Subscribe")
- By [Allen Keele (Moderator)](https://www.certifiedinfosec.com/resources/blog/author/7773-moderator)  , on July 6, 2024 22:41
- [](https://www.certifiedinfosec.com/resources/blog/2-how-to-assign-nist-cybersecurity-framework-2-0-roles-and-responsibilities-in-a-raci-matrix#comments)
- [ **Leave a comment** ](https://www.certifiedinfosec.com/resources/blog/2-how-to-assign-nist-cybersecurity-framework-2-0-roles-and-responsibilities-in-a-raci-matrix)
- 1 min read

This video features Allen Keele, a principal and lead instructor at Certified Information Security, who outlines the five steps recommended by NIST to initiate or integrate the NIST Cybersecurity Framework 2.0 into an organization's cybersecurity program. He emphasizes the importance of understanding the organization's current cybersecurity state and NIST CSF 2.0's target goals.

The video also discusses the maturity scale levels provided by the Cybersecurity and Infrastructure Security Agency (CISA) for assessing conformance, ranging from planned to managed, measured, and defined. Additionally, Keele explains the hierarchical structure of NCSF 2.0, which includes six functions, 22 major project categories, and 106

 [ Read more ](https://www.certifiedinfosec.com/resources/blog/2-how-to-assign-nist-cybersecurity-framework-2-0-roles-and-responsibilities-in-a-raci-matrix)

 - Posted in:
- [Blog](https://www.certifiedinfosec.com/resources/blog/category/3-blog),
- [Cybersecurity](https://www.certifiedinfosec.com/resources/blog/category/4-cybersecurity)
- Tagged with:
- [cybersecurity](https://www.certifiedinfosec.com/resources/blog/tag/1-cybersecurity),
- [information security](https://www.certifiedinfosec.com/resources/blog/tag/3-information-security),
- [nist csf](https://www.certifiedinfosec.com/resources/blog/tag/9-nist-csf),
- [privacy](https://www.certifiedinfosec.com/resources/blog/tag/10-privacy),
- [cybersecurity framework](https://www.certifiedinfosec.com/resources/blog/tag/11-cybersecurity-framework)

   #  [ MYTH: The Board and C-Suite have no role in Cybersecurity ](https://www.certifiedinfosec.com/resources/blog/1-myth-the-board-and-c-suite-have-no-role-in-cybersecurity)

 [  ](#)- [ Print](https://www.certifiedinfosec.com/resources/blog/print/1-myth-the-board-and-c-suite-have-no-role-in-cybersecurity "Print")

- [ PDF](https://www.certifiedinfosec.com/resources/blog/pdf/1-myth-the-board-and-c-suite-have-no-role-in-cybersecurity "PDF")
- [ Subscribe](https://www.certifiedinfosec.com/javascript:void(0) "Subscribe")
- By [Allen Keele (Moderator)](https://www.certifiedinfosec.com/resources/blog/author/7773-moderator)  , on April 30, 2024 17:21
- [](https://www.certifiedinfosec.com/resources/blog/1-myth-the-board-and-c-suite-have-no-role-in-cybersecurity#comments)
- [ **Leave a comment** ](https://www.certifiedinfosec.com/resources/blog/1-myth-the-board-and-c-suite-have-no-role-in-cybersecurity)
- 4 min read

**Transcript**

Hi, my name is Allen Keele. I'm a Principal with Certified Information Security and today I would like to bust a myth that the Board and C-Suite have no role in cybersecurity, at least that's what I seem to run into an awfully lot.

So the reality is that cyber risk is pervasive throughout the enterprise. Wherever Internet technology exists, not just in the server room, meaning that operations, technology, and Internet of Things, any device that we use within our organization that has Internet connectivity in some way is essentially a cyber risk entry point. So expecting that

 [ Read more ](https://www.certifiedinfosec.com/resources/blog/1-myth-the-board-and-c-suite-have-no-role-in-cybersecurity)

 - Posted in:
- [Blog](https://www.certifiedinfosec.com/resources/blog/category/3-blog),
- [Cybersecurity](https://www.certifiedinfosec.com/resources/blog/category/4-cybersecurity)
- Tagged with:
- [cybersecurity](https://www.certifiedinfosec.com/resources/blog/tag/1-cybersecurity),
- [information security](https://www.certifiedinfosec.com/resources/blog/tag/3-information-security),
- [nist csf](https://www.certifiedinfosec.com/resources/blog/tag/9-nist-csf),
- [privacy](https://www.certifiedinfosec.com/resources/blog/tag/10-privacy),
- [cybersecurity framework](https://www.certifiedinfosec.com/resources/blog/tag/11-cybersecurity-framework)

###

## Schema

```json
{ "@context": "https://schema.org", "@type": "BreadcrumbList", "itemListElement": [ { "@type": "ListItem", "position": 1, "name": "Home", "item": "https://www.certifiedinfosec.com" }, { "@type": "ListItem", "position": 2, "name": "Blog", "item": "https://www.certifiedinfosec.com/resources/blog" }, { "@type": "ListItem", "position": 3, "name": "nist csf", "item": "https://www.certifiedinfosec.com/resources/blog/tag/9" } ] }
```
