Deep Dive into the “Identify” Function: Transitioning from the 2018 Framework to CSF 2.0

Understanding an organization’s digital assets and systems in the ever-changing cybersecurity landscape is crucial to ensure effective security. The “Identify” function of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) serves as the foundation for this understanding, guiding organizations in establishing a comprehensive view of their cybersecurity posture.  

With the transition from the 2018 version of the CSF to CSF 2.0, notable refinements have been introduced to this critical function. This blog post explores these changes, shedding light on their implications and how organizations can leverage them to enhance cybersecurity practices.  


The Essence of “Identify”  

The “Identify” feature’s main objective is to help organizations acquire comprehensive knowledge of their cybersecurity risk factors, including systems, personnel, assets, data, and capabilities. This knowledge can then be used to manage and mitigate potential risks effectively. This involves identifying what needs to be protected and understanding the possible risks to those assets.  


Critical Changes in CSF 2.0  

  1. Enhanced Emphasis on Asset Management (ID.AM)

While asset management was a component of the “Identify” function in the 2018 version, CSF 2.0 continuously emphasizes its criticality. The updated framework suggests a more dynamic and continuous approach to asset management, recognizing the fluid nature of digital assets in a rapidly changing technological landscape. Organizations are encouraged to maintain up-to-date inventories of physical and software assets, ensuring comprehensive visibility and management.  


  1. Introduction of “Improvement” (ID.IM)

CSF 2.0 introduces “Improvement” as a new category within the “Identify” function. This addition underscores the importance of understanding current cybersecurity capabilities and continuously seeking ways to enhance them. This proactive stance on improvement aligns with the overall adaptive and resilient ethos of CSF 2.0, encouraging organizations to evolve their cybersecurity practices in tandem with emerging threats and technologies.  


  1. Streamlined Risk Assessment Approach (ID.RA)

The “Identify” function in CSF 2.0 streamlines the approach to risk assessment, focusing on integrating risk management strategies more closely with organizational objectives and the broader cybersecurity framework. This refinement aims to foster a more strategic and holistic view of risk assessment, moving beyond piecemeal evaluations to a comprehensive understanding of cybersecurity risks in context with the organization’s goals and risk tolerance.


Implications for Organizations  

The evolution of the “Identify” function in CSF 2.0 reflects a broader shift towards a more nuanced and forward-looking approach to cybersecurity. By emphasizing dynamic asset management, continuous improvement, and integrated risk assessment, the updated framework provides organizations with the tools to understand their current cybersecurity landscape and anticipate and prepare for future challenges

Organizations seeking to align with CSF 2.0 must adopt a more agile and iterative approach to identifying cybersecurity risks and assets. This might involve implementing advanced asset discovery and management tools, establishing processes for ongoing risk analysis and improvement, and ensuring that cybersecurity practices are tightly integrated with overall organizational strategy.  



The enhancements to the “Identify” function in CSF 2.0 signal a significant advancement in how organizations approach the foundational aspects of cybersecurity. By providing a framework for a more dynamic, integrated, and improvement-oriented approach, CSF 2.0 equips organizations to navigate the complexities of the digital age better. Adapting to these changes will be pivotal for organizations aiming to maintain resilience in the face of evolving cybersecurity threats and landscapes. 


Brent Gage

After beginning his career as a roustabout on an offshore drilling rig, Brent is now the Manager of Cybersecurity at who performs client consultation and assessments while maintaining and monitoring the platform’s hosting infrastructure.

Share this post


Recent Articles

About Us

Contact Us