Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Frequently Asked Questions
Framework Basics
What is the Framework, and what is it designed to accomplish?
Is my organization required to use the Framework?
Framework Users
Does the Framework apply only to critical infrastructure companies?
Does the Framework benefit organizations that view their cybersecurity programs as already mature?
Framework Components
What is the Framework Core and how is it used?
What are Framework Profiles and how are they used?
What are Framework Implementation Tiers and how are they used?
Using the Framework
Does the Framework address the cost and cost-effectiveness of cybersecurity risk management?
Should the Framework be applied to and by the entire organization or just to the IT department?
Small Business Use
Does the Framework apply to small businesses?
U.S. Federal Agency Use
Are U.S. Federal agencies required to apply the Framework to Federal information systems?
Relationship Between the Framework and Other Approaches and Initiatives
What is the relationship between the Cybersecurity Framework and the NIST Privacy Framework?
Is the Framework being aligned with international cybersecurity initiatives and standards?
International
What is the difference between a translation and adaptation of the Framework?
Updates to the Cybersecurity Framework
Why is NIST deciding to update the Framework now toward CSF 2.0?
How can I engage in the Framework update process?
Should I use CSF 1.1 or wait for CSF 2.0?
Communicating with NIST
Who can answer additional questions regarding the Framework?
How can I engage with NIST relative to the Cybersecurity Framework?