Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Helping organizations to better understand and improve their management of cybersecurity risk

Framework Version 1.1

The Cybersecurity Framework is ready to download.

Learn More

New to Framework

This voluntary Framework consists of standards, guidelines and best practices to manage cybersecurity risk.

Learn More

Online Learning

Intro material for new Framework users to implementation guidance for more advanced Framework users.

Learn More

Latest Updates

NIST is pleased to announce the release of NISTIR 8323 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. The PNT Profile was created by using the NIST Cybersecurity Framework and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services.
Check out Kevin Stine’s latest blog (2021: What’s Ahead from NIST in Cybersecurity and Privacy?) which highlights NIST's decision to focus on nine priority areas over the next several years.
Check out NISTIR 8286A (Draft) - Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM), which provides a more in-depth discussion of the concepts introduced in the NISTIR 8286 and highlights that cybersecurity risk management (CSRM) is an integral part of ERM.
NIST is pleased to announce the release of NISTIRs 8278 & 8278A for the Online Informative References Program. These reports focus on 1) OLIR program overview and uses (NISTIR 8278), and 2) submission guidance for OLIR developers (NISTIR 8278A).
NIST is pleased to announce the release of NISTIR 8323 (Draft) Cybersecurity Profile for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. The comment period is open through November 23, 2020 with instructions for submitting comments available HERE.
NIST just published NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

To see more Latest Updates click here

Contacts

For further information and/or questions about the Cybersecurity Framework

CONTACT:

cyberframework@nist.gov