Cybersecurity Framework | NIST
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Helping organizations to better understand and improve their management of cybersecurity risk

CSF 2.0

For industry, government, and organizations to reduce cybersecurity risks

Read the Document

Top Blue Winding Road

Quick Start Guides

For users with specific common goals

View the Quick Start Guides

CSF 2.0 Profiles

Templates and useful resources for creating and using both CSF profiles 

See the Profiles

Bottom Road Winding Blue

Informative References (Mappings)

See how NIST's resources overlap and share themes

See the Mappings

Videos

The NIST CSF 2.0
The NIST CSF 2.0
Overview of the NIST CSF 2.0 Small Business Quick Start Guide
Overview of the NIST CSF 2.0 Small Business Quick Start Guide

Latest Updates

  • On February 13, 2025, the CSF 2.0 is now available in Japanese and Norwegian. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
  • On February 4, 2025, the CSF 2.0 is now available in Greek. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
  • On January 22, 2025, the CSF 2.0 team presented at the ISC2 Spotlight Virtual Event titled “Beyond the Basics: Exploring NIST Cybersecurity Framework 2.0.” View a PDF of the presentation here.
  • On January 13, 2025, the NIST National Cybersecurity Center of Excellence (NCCoE) published an initial public draft of NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile. Comments are due by March 14, 2025. 
  • On December 16, 2024, the NIST National Cybersecurity Center of Excellence (NCCoE) has released Draft NIST Internal Report (IR) 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Genomic Data Profile), which provides a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data. The updated draft incorporates the CSF 2.0 and NIST Privacy Framework (PF) version 1.0 to help organizations prioritize cybersecurity and privacy capabilities. This publication is the first joint CSF and PF Community Profile developed by NIST. Learn more here.

See more Latest Updates

 

Contacts

For further information and/or questions about the Cybersecurity Framework