Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST’s Journey to CSF 2.0

The NIST Cybersecurity Framework was designed to be a living document that is refined, improved, and evolves over time (to keep pace with technology and threat trends, integrate lessons learned, and move from best practice to common practice).

The first version of the Framework (CSF 1.0) was released in 2014 and was updated in 2018 (CSF 1.1). To reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST developed a new—updated version—of the Framework (CSF 2.0) in 2024. The journey to the CSF 2.0 all started in 2022.

CSF 2.0 Progression and Activities Timeline:

CSF 2.0 Timeline
Credit: Kristina Rigopoulos

Key Stops Along NIST’s Journey:

Drafts | CSF 2.0

Drafts and Related Documents | CSF 2.0 Core

CSF 2.0 Concept Paper

Development of the NIST CSF 2.0 Reference Tool

  • CSF 2.0 Reference Tool (Explore the Draft CSF 2.0 Core: Functions, Categories, Subcategories, and Implementation Examples)

Cybersecurity Request for Information (RFI)

Created May 26, 2022, Updated March 5, 2024