Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Updating the NIST Cybersecurity Framework – Journey To CSF 2.0
Update to CSF | How to Engage | Fact Sheet | FAQs
Overview
The NIST Cybersecurity Framework was intended to be a living document that is refined, improved, and evolves over time. These updates help the Framework keep pace with technology and threat trends, integrate lessons learned, and move best practice to common practice. NIST initially produced the Framework in 2014 and updated it in April 2018 with CSF 1.1. Based on stakeholder feedback, in order to reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST is planning a new, more significant update to the Framework: CSF 2.0.
NIST intends to continue to rely on and seek stakeholder feedback throughout the process. This will include public webinars and workshops, as well as seeking feedback on at least one CSF 2.0 draft.
Update Progress
Cybersecurity Request for Information
- NIST Summary Analysis of RFI Responses (June 2022)
- RFI Comments Received
- Request for Information (RFI), “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.”(February 2022)
- NIST News Item | NIST Seeks Input to Update Cybersecurity Framework, Supply Chain Guidance (February 2022)
Cybersecurity Framework 2.0 Concept Paper
- CSF 2.0 CONCEPT PAPER | NIST has released the “Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework,” outlining potential significant changes to the Cybersecurity Framework for public review and comment. Please provide feedback by March 3, 2023.
Webinars and Workshops
- IN-PERSON CSF 2.0 WORKING SESSIONS | February 22 or 23, 2023 (half day events).
- VIRTUAL CSF 2.0 WORKSHOP #2 | February 15, 2023 (9:00 AM – 5:30 PM EST). Join us to discuss potential significant updates to the CSF as outlined in the CSF 2.0 Concept Paper.
- “Journey to the NIST Cybersecurity Framework (CSF) 2.0 | Workshop #1” (August 17, 2022)
- Details can be found here along with the full event recording - with 3900+ attendees from 100 countries.
- Workshop #1 Summary Analysis Report (September 9, 2022)
Stay tuned for announcements on future workshops!
CSF 2.0 Drafts
Please stay tuned!