Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Helping organizations to better understand and improve their management of cybersecurity risk

CSF 2.0

For industry, government, and organizations to reduce cybersecurity risks

Read the Document

Quick Start Guides

For users with specific common goals

View the Quick Start Guides

CSF 2.0 Profiles

Templates and useful resources for creating and using both CSF profiles

See the Profiles

Informative References (Mappings)

See how NIST's resources overlap and share themes

See the Mappings

Videos

The NIST CSF 2.0

See more Videos

CSF 2.0 Webinar Series: Implementing CSF 2.0—The Why, What, and How

Latest Updates

On April 28, 2025, the CSF 2.0 is now available in Mandarin. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On April 18, 2025, the CSF 2.0 is now available in Thai. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On April 8, 2025, the Department for Science, Innovation & Technology in the United Kingdom (UK) published a mapping of the UK Cyber Governance Code of Practice to the NIST Cyber Security Framework (CSF). This mapping document is for boards, directors and Chief Information Security Officers (or equivalent) and will help understand the Cyber Governance Code of Practice.
On April 7, 2025, Boise State University’s Office of Information Technology announced they are adopting the NIST CSF to boost research capacity—“a significant step that enhances the university’s ability to compete for sponsored projects requiring controlled data management (e.g., covered defense information, protected health information) and reinforces its commitment to cybersecurity excellence.”
On April 3, 2025, NIST hosted the Cyber AI Profile Workshop. The slides and event recording are available here.
On April 3, 2025, NIST published the final version of NIST Special Publication 800-61r3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile. This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0.
On March 20, 2025, the CSF team presented the first episode of NIST’s new multi-part webinar series – Implementing CSF 2.0 - The Why, What, and How. The recording and slides can be found here.

See more Latest Updates

Contacts

For further information and/or questions about the Cybersecurity Framework

CONTACT:

cyberframework@nist.gov