The cybersecurity framework was originally aimed at critical infrastructure organizations, but it has been widely used and widely recommended and NIST highlighted that CSF 2.0 is designed to help all organizations reduce risks, regardless of sector, size, or level of security sophistication.
Based on the feedback it received on the draft of the Cybersecurity Framework 2.0, NIST expanded the core guidance and created additional resources to help organizations use the CSF to its full potential.