Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
New to Framework
This voluntary Framework consists of standards, guidelines and best practices to manage cybersecurity risk.
Online Learning
Intro material for new Framework users to implementation guidance for more advanced Framework users.
Latest Updates
- To help protect our elections, NIST is pleased to offer Specific Cybersecurity Guidelines and has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile. The Profile is meant to supplement but not replace current cybersecurity standards and industry guidelines available to election officials. Please submit your comments by May 14th using our comment template.
- The International Standards Organization (ISO), in conjunction with the International Electrotechnical Commission (IEC), has published ISO/IEC 27110: Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines. This document specifies guidelines for developing a cybersecurity framework. The guidelines specify that all cybersecurity frameworks should have the following concepts: Identify, Protect, Detect, Respond, Recover.
-
NIST is pleased to announce the release of NISTIR 8323 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. The PNT Profile was created by using the NIST Cybersecurity Framework and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services.
-
Check out Kevin Stine’s latest blog (2021: What’s Ahead from NIST in Cybersecurity and Privacy?) which highlights NIST's decision to focus on nine priority areas over the next several years.
- Check out NISTIR 8286A (Draft) - Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM), which provides a more in-depth discussion of the concepts introduced in the NISTIR 8286 and highlights that cybersecurity risk management (CSRM) is an integral part of ERM.
- NIST is pleased to announce the release of NISTIRs 8278 & 8278A for the Online Informative References Program. These reports focus on 1) OLIR program overview and uses (NISTIR 8278), and 2) submission guidance for OLIR developers (NISTIR 8278A).
To see more Latest Updates click here
Contacts
For further information and/or questions about the Cybersecurity Framework
-
CONTACT: