Introducing Three New Frameworks: NIST CSF, CMMC Level 1 and Cyber Essentials

At Thoropass, we believe compliance should enable progress—not slow it down. That’s why we’re constantly expanding our framework library to meet customers where they are and help them scale with confidence.

Today, we’re excited to announce support for three new frameworks:

• NIST Cybersecurity Framework (CSF) 2.0
• CMMC Level 1
• Cyber Essentials

Whether you’re strengthening your baseline security posture, preparing to do business with the U.S. Department of Defense, or aligning with the latest industry guidance, our platform and experts are here to help you move forward with clarity and speed.

Let’s take a closer look.

NIST CSF 2.0: Future-Proof Your Cybersecurity Program

What it is:
The updated NIST Cybersecurity Framework (CSF) 2.0 offers a flexible, scalable approach to managing cybersecurity risk. It’s built around six core functions: Govern, Identify, Protect, Detect, Respond, and Recover.

Why it matters:
With NIST CSF 2.0, you get a structured path to maturity, better risk visibility, and alignment with global standards like ISO 27001 and NIST 800-53. It’s ideal for both scaling startups and critical infrastructure providers.

What’s included:

• Maturity modeling with CSF Tiers
• Guided onboarding with expert support
• Seamless crosswalks to ISO, HIPAA, PCI, and CMMC

Who it’s for:
Any business looking to formalize, modernize, or scale its cybersecurity program—especially in regulated sectors or critical infrastructure.

CMMC Level 1: Fast-Track DoD Contract Readiness

What it is:
CMMC Level 1 focuses on basic cybersecurity hygiene to protect Federal Contract Information (FCI). It includes 17 foundational practices and is required for many U.S. Department of Defense (DoD) contracts.

Why it matters:
Defense contractors and suppliers need to meet these requirements to remain eligible for DoD work. Thoropass helps you implement the controls efficiently and prepares you for self-assessment—without slowing your team down.

What’s included:

• Pre-built workflows for the 17 CMMC Level 1 controls
• Guided onboarding with expert support
• Smart mapping to reuse work from SOC 2 or NIST 800-171

Who it’s for:
Subcontractors, suppliers, and businesses working with (or planning to work with) the U.S. Department of Defense.

Cyber Essentials: Your First Step Toward Strong Cybersecurity

What it is:
Cyber Essentials is a UK government-backed framework designed to protect organizations from the most common cyber threats. It’s simple, self-assessed, and often a requirement for UK government contracts.

Why it matters:
If you’re expanding into the UK market or supporting public sector clients, Cyber Essentials is a powerful signal of trust. And with Thoropass, you can manage it alongside your other frameworks—no duplicate work required.

What’s included:

• Built-in workflows aligned to Cyber Essentials requirements
• Guided onboarding with expert support
• Support for scaling into Cyber Essentials Plus, ISO 27001, and beyond

Who it’s for:
Any organization that wants to reduce risk from common cyberattacks—especially those working with UK government agencies or regulated industries.

One platform, total confidence

All three frameworks are now live in Thoropass—and available to all customers. As always, we’ve designed each implementation to be:

• Unified – Combine management of multiple frameworks with unified controls
• Expert-guided – Work directly with compliance professionals
• Automated – Use AI, integrations, and automation to cut manual work
• Scalable – Start simple and grow into what’s next

No matter your size, industry, or security goals, our platform is built to help you take the next step with clarity and control.

Ready to simplify your compliance journey?

Talk to a Thoropass expert today and learn how we can help you meet NIST CSF 2.0, CMMC Level 1, or Cyber Essentials—with confidence.