Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Latest Updates

  • Check out the latest blog on Framework engagement with the international community HERE!
  • Check out our newest Success Story that comes from the Israel National Cyber Directorate, check it out HERE!
  • Save the Date: NIST plans to host a workshop on Cybersecurity Online Informative References at the National Cybersecurity Center of Excellence(NCCoE), 9700 Great Seneca Highway, Rockville, Maryland on December 3rd, 2019. Click here for the conference notice!
  • National Cybersecurity Awareness Month (NCSAM) 2019 has now come to a close. At NIST, we worked throughout the month of October to celebrate cybersecurity through awareness of our publications and work, news, and special events. Thank you for celebrating right along with us!
  • OAS and AWS recently released a White Paper to Strengthen Cybersecurity Capacity in the Americas through the NIST Cybersecurity Framework
  • On August 16-17, Amy Mahn from the Applied Cybersecurity Division participated in a workshop organized by the International Trade Administration (ITA) on “Facilitating Trade through Adherence to Globally-Recognized Cybersecurity Standards and Best Practices” as part of the Asia-Pacific Economic Cooperation (APEC) Senior Officials Meeting in Puerto Varas, Chile.
  • Amy Mahn, International Policy Specialist at NIST, stresses the importance of international collaboration and alignment for the Cybersecurity Framework effort in the new article, “Picking up the Cybersecurity Framework’s Pace Internationally.” See:  https://www.nist.gov/cyberframework/picking-frameworks-pace-internationally
  • At the U.S. Chamber's Cybersecurity Series in Seattle on June 19th, NIST's Adam Sedgewick discussed how small businesses can put the Framework to use in  managing cybersecurity risks. 
  • A draft implementation guide (NISTIR 8183A) for the Cybersecurity Framework Manufacturing Profile Low Security Level has been developed for managing cybersecurity risk for manufacturers.
  • We are excited to announce that the Framework has been translated into Portuguese!
  • Roadmap for Cybersecurity Framework Version 1.1 has just been released, check it out HERE!
  • NISTIR 8204 has now been release, check it out HERE!
  • The recording of our April 26th webinar:  "Next Up! Cybersecurity Framework Webcast: A Look Back, A Look Ahead" is now available data=02|01|thelma.allen [at] nist.gov|f98d42ff1c8c46ffa50308d6d4b11e59|2ab5d82fd8fa4797a93e054655c61dec|1|0|636930254513640982&sdata=T1L8i6K7u2Wc/ZN/+p4z0cldmUK2H9FrJx8ct2IFlkg=&reserved=0" title="//www.kaltura.com/index.php/extwidget/preview/partner_id/684682/uiconf_id/36388532/entry_id/0_4wsl27p1/embed/iframe?&flashvars%5bstreamerType%5d=auto. Click or tap to follow the link.">HERE.
  • Version 1.1 of the Baldrige Cybersecurity Excellence Builder has just been released, check it out HERE!
  • The NIST director's remarks on Cybersecurity and Privacy updates at RSA are now available

  • Come check us out at RSA!

  • Check out our new infographic which highlights the impact the Framework has had across industry.

  • Happy Anniversary! It has been five years since the release of the Framework for Improving Critical Infrastructure Cybersecurity and organizations across all sectors of the economy are creatively deploying this voluntary approach to better management of cybersecurity-related risks.

  • The Framework has now been downloaded more than half a million times, with Version 1.1 eclipsing over a quarter million downloads in just over nine months!

  • New Success Stories demonstrate how several diverse organizations all leverage the Cybersecurity Framework differently to improve their cybersecurity risk management.

  • With over 900 registrants and a packed agenda, the Cybersecurity Risk Management Conference in Baltimore, MD was a great success! If you haven't already, please let us know what you think about the conference through the participant survey and Guidebook ratings. Presentation slides will be made available in the coming weeks, stay tuned. 
  • New Success Stories demonstrate how several diverse organizations all leverage the Cybersecurity Framework differently to improve their cybersecurity risk management.
  • The video recording of the "Next Up!" Webcast which focused on recent multi-sector work-products that exemplify best practices for cybersecurity risk management incorporating the Framework is now available. 
  • In just six months since its April 2018 release, V1.1 of the Cybersecurity Framework already has been downloaded over 205,000 times. That compares with approximately 262,000 total downloads of V1.0 over four years!
  • We are getting close to the Cybersecurity Risk Management Conference! A revised draft agenda is now available. More sessions will be added to the agenda over time.

  • Registration for the 2018 NIST Cybersecurity Risk Management Conference -- to be held November 7-9, 2018, at the Renaissance Baltimore Harborplace Hotel, in Baltimore, Maryland -- is now open. Sponsored by NIST, the three-day conference is expected to attract leaders from industry, academia, and government at all levels, including international attendees.   

  • A recording of the July 9th webcast: 'Lessons Learned in Using the Baldrige Cybersecurity Excellence Builder with the Cybersecurity Framework' is now available. It can be found HERE.

  • Save the Date: NIST plans to host the Cybersecurity Risk Management Conference -- likely in Baltimore, MD -- during the week of November 4th. This event will expand on previous Framework workshops and incorporate other elements of cybersecurity risk management. Stay tuned! 

  • Version 1.1 of the Framework was published on April 16, 2018. The document has evolved to be even more informative, useful, and inclusive for all kinds of organizations. Version 1.1 is fully compatible with Version 1.0 and remains flexible, voluntary, and cost-effective. Among other refinements and enhancements, the document provides a more comprehensive treatment of identity management and additional description of how to manage supply chain cybersecurity.  

  • The recorded version of the April 27th webcast is available.

  • Success Stories regarding Framework use / Implementation have been added to the website! Our first Success Story comes from the University of Chicago, check it out HERE!

  • Start Using the Baldrige Cybersecurity Tool: Here's Help. First, the Information Security Team of the University of Kansas Medical Center (KUMC) began using the Baldrige Cybersecurity Excellence Builder (BCEB) -- which is a voluntary self-assessment tool based on the Cybersecurity Framework. Learn about their experience at: https://www.nist.gov/blogs/blogrige/start-using-baldrige-cybersecurity-tool-heres-help 
    Also, the next Baldrige Cybersecurity Excellence Builder Workshop, April 8, 8:30-3:30 pm, in Baltimore, MD. It's a practical, interactive workshop on using the Baldrige Cybersecurity Excellence Builder (BCEB).  Details at: https://www.nist.gov/baldrige/qe/baldrige-cybersecurity-excellence-builder-workshop

  • RFC comments received on Draft 2 of Framework Version 1.1 and the Roadmap are now being reviewed. All responses will be published publicly in the coming weeks. NIST appreciates your feedback and as always, any additional comments can be directed to cyberframework [at] nist.gov ((link sends e-mail))

  • Two December 2017 webcasts about Framework basics and the proposed updates to Framework and Roadmap are now available for playback.
  • A mapping of the Framework Core to NIST SP 800-171 Revision 1 has recently been published. This can be found in Appendix D of the publication(link is external).
  • A blog entry on protecting critical infrastructure has been posted. A Framework for Protecting our Critical Infrastructure.
  • Update on the Cybersecurity Framework July 1, 2015

  • Update on the Cybersecurity Framework December 5, 2014

  • Update on the Cybersecurity Framework July 31, 2014

  • Update on Development of the Cybersecurity Framework January 15, 2014

  • Update on Development of the Cybersecurity Framework December 4, 2013

  • Update on Development of the Cybersecurity Framework July 24, 2013

Created February 14, 2018, Updated November 15, 2019