NIST Cybersecurity Framework 2.0 Essentials

NIST Cybersecurity Framework 2.0 Essentials Course introduces the NIST CSF 2.0 structure for cybersecurity management, clarifying functions, categories and security outcomes. The training supports the application of the framework for maturity assessment, prioritisation of improvements and alignment with risk and governance.

Register
Companies: request a proposal

Quick Access:  Introduction· Why this course exists· What this course enables· Frameworks and standards· Value· Objectives· Target audience· Prerequisites· Programme· Exam & Certification· Other information· Benefits· Logistics· FAQs· Registration

Upcoming dates

Confirmed dates.
Synchronous, live training. Interaction with the trainer and the group.

11 May 2026
Live Online • next edition
28 September 2026
Live Online • base price
Duration: 1 day / 7h
Language: available in Portuguese or English
Training: focused on understanding CSF 2.0 and implementation resources
Exam: 30 min
ESSENTIAL LEVEL — structured and solid knowledge that underpins any career.

Why this course exists

To create a solid foundation and a common language in cybersecurity and in the NIST CSF 2.0 framework.

Many organisations need a structured and consistent approach to govern, assess and improve their cybersecurity posture, but they start without a solid foundation of concepts, terminology and understanding of the structure and resources of NIST CSF 2.0.

This course establishes the foundations required so that professionals from any area can understand and begin applying the practices of CSF 2.0, within their organisation or in support of third parties.

What this course enables you to do

Understand

Master cybersecurity concepts, terms and definitions and frame NIST CSF 2.0 within the context of a cybersecurity framework.

Interpret

Read and use CSF 2.0 methodically: recognise the structure, identify the components (Core, Profiles, Tiers) and understand their applicability.

Relate

Understand how CSF 2.0 integrates with other frameworks and best practices (e.g. ISO/IEC 27001) and how to use informative references.

Apply

Identify support resources (quick guides, reference catalogues, CPRT) and begin using profiles and tiers to guide improvements and organisational integration.

Frameworks, standards and best practices addressed throughout the course

NIST CSF 2.0 — structure & applicability
CSF Core: functions, categories and subcategories
CSF Profiles: organisational and community
CSF Tiers: concept and impact
Quick implementation guides
Informative references catalogue
CPRT Catalog (overview)
Comparison CSF 1.1 vs CSF 2.0
Related frameworks (overview)
Related regulation & legislation (overview)

Value for the organisation

  • A common knowledge base for teams involved in cybersecurity and technological risk management.
  • The ability to frame the structure of CSF 2.0 and use its components (Core, Profiles, Tiers) as a common language.
  • Greater consistency in the selection and integration of practices with existing frameworks (e.g. ISO/IEC 27001) through informative references.
  • Solid preparation to support improvement initiatives and the structuring of a cybersecurity framework adapted to organisational needs.

Introduction

The NIST Cybersecurity Framework 2.0 Essentials course is a course based on the NIST CSF 2.0 cybersecurity framework. The course presents the knowledge required for a professional from any area to know and understand the concepts, terms and definitions related to cybersecurity.

The course also presents the structure and requirements addressed in the NIST CSF 2.0 framework and related resources, so that any professional can work with and begin applying the practices set out in the framework, whether within their organisation or in support of third-party organisations.

During the course, topics such as the structure of the framework (including the CSF 2.0 Core), quick implementation guides, organisational and community profiles, including the use of Tiers and their impact on profile creation, examples of implementation of subcategories (controls) and their informative references, as well as an overview of the “Cybersecurity and Privacy Reference Tool (CPRT)” will be addressed. Throughout the course, the differences from version CSF 1.1 are identified.

During the course, a brief summary of the main cybersecurity and information security frameworks related to CSF 2.0 is also presented, and version 1.1 is compared with the new version 2.0.

This course prepares participants for the NIST Cybersecurity Framework 2.0 Essentials personal certification.

This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC – Portugal.

General Objectives

At the end of this course, participants will be able to:

  • Understand and use essential knowledge, namely the concepts, terms and definitions related to cybersecurity and cybersecurity frameworks.
  • Understand and identify the most relevant cybersecurity frameworks, including some related legislation and regulation.
  • Understand the essential knowledge and the structure of the CSF 2.0 framework, and identify its main components.
  • Identify the various documents and other resources that support the implementation and operation of CSF 2.0.
  • Identify and distinguish the main differences between CSF 1.1 and CSF 2.0.
  • Know and list the main categories of CSF 2.0 and the related subcategories (controls), including implementation examples.
  • Consult and use the informative/normative references catalogue.
  • Understand and apply the concept of profiles, organisational and community profiles, and examples of use.
  • Consult the CPRT catalogue and other key elements related to CSF 2.0.
  • Possess the knowledge required to successfully take the “NIST Cybersecurity Framework 2.0 Essentials” certification exam.

Target Audience

  • Professionals involved in the implementation and operation of cybersecurity frameworks who wish to acquire essential knowledge about CSF 2.0 so that they can integrate its best practices with the practices existing in their organisation or in their clients’ organisation.
  • Any person who wishes to acquire the essential knowledge required to work with the NIST CSF 2.0 cybersecurity framework.

Prerequisites

There are no mandatory formal prerequisites. However, other specific requirements may apply, where relevant, depending on the quotation/proposal presented (please consult the proposal).

Programme

Introduction to the course
Introduction to the fundamental concepts of cybersecurity and cybersecurity frameworks
Most relevant cybersecurity frameworks, related legislation and regulation
Essential knowledge and structure of the CSF 2.0 framework
  • Presentation and overview of the CSF Core – functions, categories and subcategories
  • Presentation and overview of the CSF Profiles
  • Presentation and overview of the CSF Tiers
Documentation and resources supporting the implementation and operation of CSF 2.0
Comparison and differences between CSF 1.1 and CSF 2.0
CSF 2.0 categories and subcategories (controls): examples and implementation
Consultation and applicability of the informative references catalogue
Organisational and community profiles: examples of use and quick guides
Presentation and applicability of the “Cybersecurity and Privacy Reference Tool (CPRT)” and other resources
Course closing and certification exam

Exam(s) and Certification

Exam “Certified NIST Cybersecurity Framework 2.0 Essentials”

The exam covers the following competence domains:

  • Domain 1: Concepts related to cybersecurity and cybersecurity frameworks
  • Domain 2: CSF 2.0, concepts, structure and resources supporting its implementation and integration within an organisation

 

Language(s): English and Portuguese
Duration: 30 minutes
Format: Multiple choice
Number of questions: 20 questions
Pass mark: 120/200 points
Results: “Pass or Fail”
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the result of the initial exam.

Certification

After successfully completing the exam and accepting/signing the applicable agreement and Code of Ethics, the candidate achieves the credential Certified NIST Cybersecurity Framework 2.0 Essentials.

A Certificate and a Digital Certification Badge (i.e. “badge”) will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they apply.

The personal certification programme “Certified NIST Cybersecurity Framework 2.0 Essentials” is developed and maintained in accordance with the international standard ISO/IEC 17024.

Certification programmes are valid only for individuals (not companies), and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement/Code of Ethics.

If the professional does not comply with the agreement/Code of Ethics, certification is not granted or is revoked.

Other Information

General Information
  • Training available in Portuguese or English.
  • Online training materials in English, with online access, in accordance with the awarded conditions.
  • Behaviour digital Training Attendance Certificate with 7 CPD/CPE credits.
  • Online Certification Exam, in Portuguese or English. The exam may be taken up to 2 months from the course start date.
  • If the candidate does not pass the exam, they are entitled to one free retake within a maximum period of 2 months from the release date of the initial exam result.
  • Digital Certification Diploma and Digital Certification Badge (i.e. “badge”), after successfully passing the exam and completing the application process. This process has no associated cost.
Trainer(s)
The trainers are specialists, consultants and auditors with experience in cybersecurity consulting, implementation, auditing and training, including NIST CSF and other related frameworks, ISO/IEC 27001, ISO 22301, COBIT, CIS, among others. Some specialists participate in specific committees responsible for the evolution of these practices.

Benefits

View benefits
  • CSF 2.0 is a cybersecurity framework recognised internationally.
  • CSF 2.0 can be used as a basis for defining and supporting cybersecurity frameworks adapted to an organisation’s needs and/or integrated with requirements from other frameworks and best practices, such as ISO/IEC 27001.
  • The course is based on a personal certification programme in accordance with ISO/IEC 17024, which defines requirements for the certification of persons.
  • Objective preparation for the Certified NIST Cybersecurity Framework 2.0 Essentials exam (multiple choice).
  • The exam is supervised by an official BEHAVIOUR administrator.
  • In case of failure, there is 1 free retake within a maximum period of 2 months after the result of the initial exam.

Logistics

Useful information
  • Live Online (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks
  • Classroom (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks
  • 7 hours of synchronous training, 1 day of training
  • Requirements: computer with stable internet, browser, PDF reader, audio/video
Hotels in Lisbon
Find out where you can stay in Lisbon, near Behaviour, for classroom training.

Frequently Asked Questions

Objective answers to the most common questions about the NIST Cybersecurity Framework 2.0 Essentials course.

Do I need prior experience or previous certifications to participate?
No. The Essentials course was designed as an entry point and does not require prior experience or previous certifications.
What is the difference between the Essentials and Foundation levels?
The Essentials level focuses on the structured understanding of fundamental concepts and principles.
The Foundation level explores the requirements and normative structure in greater depth, preparing the participant to integrate and support implementation initiatives based on a more detailed understanding.
Is this course suitable for management or executive roles?
Yes. The course helps participants understand organisational impacts, responsibilities and strategic framing, making it suitable for management and executive roles that require a structured view, without excessive technical detail.
What can I do, in practice, after this course?
After the course, the participant is able to interpret the logic of the standard or framework, understand concepts and terminology, and participate confidently in conversations, meetings and decisions where the topic is discussed, even without assuming implementation or audit functions.
What does this course not cover and when should I move to another level?
This course does not go deeper into systems design, project execution or formal audits.
Whenever there is a need to implement a management system, lead organisational initiatives or carry out audits, the recommended path is to progress to Lead Implementer or Lead Auditor, depending on the intended role.
The Foundation level forms the preparatory basis for that progression, already allowing the participant to integrate and support projects under guidance, with a structured understanding of the requirements and of the logic of the system.
Does this course replace implementation or audit training in cybersecurity?
No. This course works as a basis for framing and a common language, and is complementary to implementation, audit or technical specialisation training.

For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.

Registration

Complete the form to request your registration for the preferred edition. Check the upcoming dates.

Contact name
=

Request more information

If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Request Information

Companies: request a proposal

For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
Request Proposal