Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Cybersecurity Framework (CSF) Reference Tool

The contents of this page is provided here for historical purposes only - this Reference Tool is no longer supported and/or maintained by NIST.

General Description
The NIST CSF reference tool is a FileMaker runtime database solution. It represents the Framework Core which is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions - Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization's management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.

The CSF Reference Tool allows the user to browse the Framework Core by functions, categories, subcategories, informative references, search for specific words, and export the current viewed data to various file types, e.g., tab-separated text file, comma-separated text file, XML, etc.

Systems Requirements
The CSF Reference Tool Windows version has been tested on Microsoft Windows 7 and newer version of the Windows operating system and on OS X 10.8 and newer version of the Apple OS X operating system.The application is a self-contained read-only executable.

Getting started with the CSF Reference Tool
Download the CSF Reference Tool files:

Microsoft Windows Version [SHA256: 36b8b9aed45539c942ca2f01dbc15e83e8ebeb2e70a56947c924c003091c6e33]

Apple OS X Version [SHA256: c5094c6fbb6a64949e2665efeab6236f1226eabbd0089d42d3bd53b041eb5820]

To instantiate the application, extract the zip archive in a directory where the user has read, write, and execute permissions. Open the NIST-CSF directory and double-click the NIST-CSF (.exe extension) file on Windows systems and NIST-CSF(.app extension) file on OS X systems to run the application.

The home screen of the application displays the various components of the Cybersecurity Framework Core such as:
- Functions (Identify, Protect, etc.)
- Categories (Asset Management, Business Environments, etc.)
- Informative References (CCS CSC, COBIT 5, etc.)

- Click on the Cybersecurity Framework Core and its various labels. This will take the user to an associated detailed view that allows the user to browse the corresponding data.
- Click on the Home label. This will take the user back to the home screen.
- Click on the Export label. This will allow the user to export the data displayed in the current view in different user selectable file formats such as Tab-Separated Text, Excel Workbook, HTML, XML, etc.
- Click in the Search text box in the upper right hand corner. This will allow the user to perform a global search for a particular term.

License, copyright, and distribution
This software was developed at the National Institute of Standards and Technology by employees of the Federal Government in the course of their official duties. Pursuant to title 17 Section 105 of the United States Code this software is not subject to copyright protection and is in the public domain. The NIST CSF Reference Tool is a proof of concept application. NIST assumes no responsibility whatsoever for its use by other parties, and makes no guarantees, expressed or implied, about its quality, reliability, or any other characteristics.

Comments and feedback
Please direct questions, comments, and feedback to csf-tool [at] (csf-tool[at]nist[dot]gov).


Further information and/or questions about the Cybersecurity Framework

Created July 16, 2014, Updated March 8, 2021