Cybersecurity Assessment Tool Updated to NIST 2.0

With the growing field of information technology, the threats from bad actors have also increased. Each year, more sophisticated cyberattacks happen, so information security and cybersecurity tools have to keep up with them. They are often updated, but some are sunset to be replaced with a better type of tool. This is why TraceSecurity is updating their CSAT with the NIST Cybersecurity Framework (CSF) 2.0.

The National Institution of Standards and Technology have produced a framework that helps manage cybersecurity risks. With this new guidance and recommendations, many third-party cybersecurity firms are revamping their scanning tools, assisting them and their customers in recognizing and eliminating risks and vulnerabilities.

The cybersecurity framework that the NIST has released is a structure of guidelines that help reduce cybersecurity issues and manage vulnerabilities. There have been many changes over the previous iteration, but they have broken down specific functions into these six categories:

• Govern – the main function of the framework that incorporates the strategy of the organization, which prioritizes the other five functions based on what is needed.
• Identify – this function represents the organization’s understanding of risks and vulnerabilities.
• Protect – once identified, this function goes through the safeguards to keep those risks out of the organization.
• Detect – this represents the organization’s ability to recognize and analyze old and new risks that may arise.
• Respond – this is the response that the organization gives when these threats and risks are detected.
• Recover – finally, this function represents the restoration if a cyberattack ever succeeds to go through an organization.

Because of the update, it might seem like there’s a lot to deal with since it’s different from before. However, the NIST has made it easy, providing many resources for businesses to take advantage of. It’s a good idea to compare it to CSF 1.1 that came before.

In the past, many organizations have depended on the free Cybersecurity Assessment Tool (CAT) for vulnerability scans. Unfortunately, as of August 31, 2025, the FFIEC will be sunsetting the CAT and it will no longer be a viable option for cybersecurity scanning. With no updates or patches coming to it, it will fall into obscurity and will be unreliable to use.

This comes with the update to the NIST cybersecurity framework. Because of this, many third-party cybersecurity firms are updating their tools to fill in the gap left by this program. With the new framework, plenty of tools will be even better than they currently are, so it’s a good idea to begin looking for a replacement. It is still necessary even if the CAT is gone.

As said above, while the FFIEC is sunsetting their CAT, TraceSecurity will be updating their free CSAT scanner to the NIST CFE 2.0. While this isn’t usually required by examiners in the infosec world, it is still a good idea to run it now and then to make sure your business is up to proper standards. Granted, this is only a surface-level assessment. It’s always better to get a more in-depth look at your network with an IT Audit or risk assessment.

With this update, TraceSecurity can assist your business without cost. Simply signing up for the TraceSecurity CSAT will allow you to use it. If additional scanning is necessary, you already have access to the firm for further assistance. Either way, being up to date on your cybersecurity and infosec posture is always a good thing.

With the FFIEC sunsetting their cybersecurity assessment tool, other tools have come in to fill in this gap. Plenty of third-party infosec firms are updating their own CAT applications, though, including TraceSecurity. The National Institute of Standards and Technology has updated their cybersecurity framework, however, which is what many of them are going to be using.

TraceSecurity is updating their CSAT program to the NIST CSF 2.0, making it a strong contender to replace the FFIEC’s tool. It runs off an entirely new and updated method centered around governance. Following this framework will make sure that your organization is in line with the current standards for information security.