Feb 26, 2024·NIST · FrameworkActiveMedium impact

NIST Cybersecurity Framework 2.0 published

CSF 2.0 adds the Govern function and broadens scope beyond critical infrastructure, becoming the de facto baseline hospitals reference in MDS2 / HSCC procurement questionnaires.

What changed

New Govern function covers cybersecurity risk strategy, roles, and supply-chain risk management.
Updated mappings to NIST SP 800-53, IEC 62443, and SBOM-related publications.

Action for manufacturers

Update MDS2 / procurement narratives so they cite CSF 2.0 control families instead of 1.1; hospitals are now scoring against 2.0.

Primary sources

NIST CSF 2.0

Related Blue Goat Cyber resources

MDS2 / HSCC procurement disclosure

Entry metadata

Date: Feb 26, 2024
Agency: NIST
Type: Framework
Status: Active
Impact: Medium
Last reviewed: Jun 5, 2026

Applies to

MedTech security programs
Hospital procurement responses

What changed

Action for manufacturers

Primary sources

Related Blue Goat Cyber resources

Get FDA cleared without the cybersecurity headaches.