Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Helping organizations to better understand and improve their management of cybersecurity risk

Request for Information | Evaluating and Improving NIST Cybersecurity Resources: The NIST Cybersecurity Framework and Cybersecurity Supply Chain Risk Management

Framework Version 1.1

The Cybersecurity Framework is ready to download.

Learn More

New to Framework

This voluntary Framework consists of standards, guidelines and best practices to manage cybersecurity risk.

Learn More

Online Learning

Intro material for new Framework users to implementation guidance for more advanced Framework users.

Learn More

Latest Updates

The Ransomware Risk Management Profile: Ransomware Risk Management: A Cybersecurity Framework Profile is now final and a quick start guide is available.
We are excited to announce that the Framework has been translated into Ukrainian!
NIST has issued an RFI for Evaluating and Improving NIST Cybersecurity Resources - responses are due by April 25, 2022.
We are excited to announce that the Framework has been translated into French!
Draft NISTIR 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, is now available for public comment! This report continues an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management, and provides additional detail regarding the enterprise application of cybersecurity risk information.

To see more Latest Updates click here

Contacts

For further information and/or questions about the Cybersecurity Framework

CONTACT:

cyberframework@nist.gov