Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

This page is no longer being updated and the information may be out of date.

CSF 1.1 Risk Management Resources

The following links provide resources pertinent to the specific groups:


Assessment & Auditing

Critical Infrastructure

Example Profiles






Success Stories

This is a listing of publicly available Framework resources. Resources include, but are not limited to: approaches, methodologies, implementation guides, mappings to the Framework, case studies, educational materials, Internet resource centers (e.g., blogs, document stores), example profiles, and other Framework document templates.

Criteria for Inclusion

If your resource is: publicly available on the Internet, accurate and comprehensive for a given dimension of the Framework, and freely available for others to use (we welcome free resources from for-profit entities), it meets the basic criteria for inclusion in the Framework Web site. Pay-for resources associated with non-profit entities also meet the basic criteria for inclusion in the Web site. If your resource qualifies and you would like it listed at the Framework Industry Resources Web page, send a description of your resource to cyberframework [at] (cyberframework[at]nist[dot]gov).

Representations and Warranties

Certain commercial entities, equipment, or materials may be identified in this Web site or linked Web sites in order to support Framework understanding and use. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Created February 1, 2018, Updated February 26, 2024