Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Community-Submitted CSF 2.0 Resources

This page lists publicly available resources submitted by the CSF 2.0 user community. These resources are intended to help other organizations and individuals use the CSF 2.0 to manage and reduce cybersecurity risks. They include, but are not limited to: approaches, methodologies, implementation guides, mappings, case studies, educational materials, templates, or CSF 2.0 community profiles. NIST-developed materials may be found in the CSF 2.0 Resource Center.

Criteria for Inclusion
To be included in this listing, resources must be: publicly available on the Internet, accurate, comprehensive for a given dimension of the Framework, freely available without charge for others to use, and not an advertisement for a product or service. Requests to have a resource listed on this page should be sent with a brief description and link to csf [at] nist.gov (csf[at]nist[dot]gov). NIST staff will review all submissions.

CableLabs, Cable Routing Engineering for Security and Trust Working Group (CREST WG) Routing Security Profile
Cyber Risk Institute, CRI Profile for the Financial Sector
FAIR, Use FAIR to Build a NIST CSF 2.0-Based Cyber Risk Management Program
Cloud Security Alliance, CSA Cloud Controls Matrix V4.0: A CSF 2.0 Cloud Community Profile
HITRUST, The HITRUST Approach to Cyber Resilience Leveraging HITRUST to Implement the NIST Cybersecurity Framework Version 2.0
NTCA, NTCA Cybersecurity Series, Sector-Specific Guidance to the NIST Cybersecurity Framework

John Masserini, NIST CSF Maturity Toolkit
Optic Cyber Solutions, Maturity and Progress Tracker (MaPT)
Wendell Rodrigues, NIST CSF 2.0 Dashboard with Mock Data

Center for Internet Security (CIS) OLIR mapping, CISv8.0-CSFv2.0 (1.0.0)
Razillio, ISO-International Organization for Standardization / IEC-International Electrotechnical Commission OLIR mapping, ISO/IEC-27001:2022-to-Cybersecurity-Framework-v2.0
Secure Controls Framework Council (SCF), LLC OLIR mapping, Secure-Controls-Framework-(SCF)-to-CSF-2.0 (1.0.0)

View an archive of CSF 1.0 and 1.1 resources here.

Representations and Warranties

Certain commercial entities, equipment, or materials may be identified in this Web site or linked Web sites in order to support Framework understanding and use. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Created July 15, 2025, Updated August 5, 2025

Was this page helpful?

Cybersecurity Framework

Community-Submitted CSF 2.0 Resources

Share

Examples of Use

Tools

Informative References