Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Helping organizations to better understand and improve their management of cybersecurity risk

CSF 2.0

For industry, government, and organizations to reduce cybersecurity risks

Read the Document

Quick Start Guides

For users with specific common goals

View the Quick Start Guides

CSF 2.0 Profiles

Templates and useful resources for creating and using both CSF profiles

See the Profiles

Informative References (Mappings)

See how NIST's resources overlap and share themes

See the Mappings

Videos

The NIST CSF 2.0

See more Videos

CSF 2.0 Webinar Series: Implementing CSF 2.0—The Why, What, and How

Latest Updates

On April 18, 2025, the CSF 2.0 is now available in Thai. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On April 8, 2025, the Department for Science, Innovation & Technology in the United Kingdom (UK) published a mapping of the UK Cyber Governance Code of Practice to the NIST Cyber Security Framework (CSF). This mapping document is for boards, directors and Chief Information Security Officers (or equivalent) and will help understand the Cyber Governance Code of Practice.
On April 7, 2025, Boise State University’s Office of Information Technology announced they are adopting the NIST CSF to boost research capacity—“a significant step that enhances the university’s ability to compete for sponsored projects requiring controlled data management (e.g., covered defense information, protected health information) and reinforces its commitment to cybersecurity excellence.”
On April 3, 2025, NIST hosted the Cyber AI Profile Workshop. The slides and event recording are available here.
On April 3, 2025, NIST published the final version of NIST Special Publication 800-61r3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile. This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0.
On March 25, 2025, NIST’s Stephen Quinn, the project lead for the Cybersecurity Framework, provided a comprehensive overview of the key updates and transformative features in CSF version 2.0. This overview can be found in the GovCIO Cybercast Season 6 Episode 12 titled Inside the Latest Version of NIST’s Cybersecurity Framework.
On March 12, 2025, NIST published the Initial Public Draft (IPD) of NIST Special Publication 1308, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick Start Guide. The comment period is open through April 25, 2025, at 11:59 PM.
The NIST National Cybersecurity Center of Excellence (NCCoE) will be aligning the NIST Internal Report (IR) 8323r1, Foundational Position, Navigation, and Timing (PNT) Profile: Applying the Cybersecurity Framework (CSF) for the Responsible Use of PNT Services with the NIST Cybersecurity Framework 2.0 and requests feedback on this effort using a short questionnaire. The questionnaire for the revision of NIST IR 8323 will be open for comments through April 25, 2025. View the Cybersecurity Framework Profile for PNT project page.

See more Latest Updates

Contacts

For further information and/or questions about the Cybersecurity Framework

CONTACT:

cyberframework@nist.gov