The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Frequently Asked Questions
Framework Basics
What is the Framework, and what is it designed to accomplish?
Is my organization required to use the Framework?
Does it provide a recommended checklist of what all organizations should do?
Framework Users
What critical infrastructure does the Framework address?
Does the Framework apply only to critical infrastructure companies?
Does the Framework benefit organizations that view their cybersecurity programs as already mature?
Framework Components
What is the Framework Core and how is it used?
What are Framework Profiles and how are they used?
What are Framework Implementation Tiers and how are they used?
Using the Framework
What is the difference between 'using', 'adopting', and 'implementing' the Framework?
Would the Framework have prevented recent highly publicized attacks?
Does the Framework address the cost and cost-effectiveness of cybersecurity risk management?
Small Business Use
Does the Framework apply to small businesses?
U.S. Federal Agency Use
Are U.S. Federal agencies required to apply the Framework to Federal information systems?
Can U.S. Federal agencies apply the Framework to Federal information systems?
Relationship Between the Framework and Other Approaches and Initiatives
Updates to the Cybersecurity Framework
How often will NIST update the Framework?
How did NIST process the V1.1 update?
How did NIST determine features for this update?
Informative References
What are Informative References?
What is the Online Informative References (OLIR) Program?
Why were Online Informative References necessary?
Communicating with NIST
Who can answer additional questions regarding the Framework?