Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
CSF 2.0 Informative References
Download CSF 2.0 Informative Reference in the Core
Directly download all the Informative References for CSF 2.0
For users that want all informative references.
Select Informative References to be included with the Core
For users that want to select specific informative references.
Compare Informative References
Generate, view and download Comparison Reports between CSF 2.0 Informative References
Recent Additions
Informative references are developed by NIST and non-NIST entities. NIST conducts limited conformance testing of OLIR submission to IR 8278A, Revision 1. NIST does not conduct correctness testing on non-NIST submitted mappings, and the listing for non-NIST mappings in the catalog does not imply NIST endorsement. NIST publishes each informative reference submission for a 30-day public comment period prior to publishing it as final. For additional context regarding unilateral mappings and NIST’s role, please refer to Section 2.3.1 of NISTIR 8278 Revision 1.
- Invariant-Reality-Prism-Framework-to-CSF-v2.0
- PCI-DSS-4.0.1-to-CSF-v2.0
- CIS-Controls-8.1-to-CSF-v2.0
- NICE-v2.0.0-to-CSF-v2.0
- CSFv2.0-to-SP-800-53-Rev-5-2-0
- Cyber-Governance-Code-of-Practice-to-CSF-v2.0
- CSF 2.0 and NIST SP 800-171 Rev. 3
- ISO/IEC-27001:2022-to-Cybersecurity-Framework-v2.0 Informative Reference Details
- CRI Profile Version 2.0 to CSF 2.0
- Cloud Controls Matrix (CCM) Version 4.0 to CSF 2.0
- Secure-Controls-Framework-(SCF)-to-CSF-2.0 (1.0.0)