Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Updating the NIST Cybersecurity Framework – Journey To CSF 2.0
The NIST Cybersecurity Framework was intended to be a living document that is refined, improved, and evolves over time. These updates help the Framework keep pace with technology and threat trends, integrate lessons learned, and move best practice to common practice. NIST initially produced the Framework in 2014 and updated it in April 2018 with CSF 1.1. Based on stakeholder feedback, in order to reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST is working on a new, more significant update to the Framework: CSF 2.0.
NIST continues to rely on stakeholder feedback. This includes public webinars and workshops, as well as seeking input via a Request for Information along with asking for comments on a concept paper, a discussion draft, and most recently, a draft of the revised CSF 2.0.
Update Progress
CSF 2.0 Drafts
- Draft: The NIST Cybersecurity Framework 2.0
- Please provide feedback and comments by November 4, 2023.
- Discussion Draft: The NIST Cybersecurity Framework 2.0 Core with Implementation Examples. As the CSF 2.0 is finalized, the updated Implementation Examples will be maintained on the NIST CSF website.
- See our NEW NIST Cybersecurity Framework (CSF) 2.0 Reference Tool to explore the Draft CSF 2.0 Core (Functions, Categories, Subcategories, Implementation Examples)
Discussion Draft of the NIST CSF 2.0 Core
- Discussion Draft of the NIST CSF 2.0 Core (April 2023)
- Comments received on the Discussion Draft of the NIST CSF 2.0 Core
Cybersecurity Framework 2.0 Concept Paper
- CSF 2.0 CONCEPT PAPER | “Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework” (January 2023)
- CSF 2.0 Concept Paper Comments Received
Cybersecurity Request for Information
- NIST Summary Analysis of RFI Responses (June 2022)
- RFI Comments Received
- Request for Information (RFI), “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.”(February 2022)
- NIST News Item | NIST Seeks Input to Update Cybersecurity Framework, Supply Chain Guidance (February 2022)
Webinars and Workshops
- New! September 19-20, 2023 | Journey to the NIST CSF 2.0 | Workshop #3 – Learn More!
- IN-PERSON CSF 2.0 WORKING SESSIONS | February 22 or 23, 2023 (half day events).
- VIRTUAL CSF 2.0 WORKSHOP #2 | February 15, 2023 (9:00 AM – 5:30 PM EST). Join us to discuss potential significant updates to the CSF as outlined in the CSF 2.0 Concept Paper.
- “Journey to the NIST Cybersecurity Framework (CSF) 2.0 | Workshop #1” (August 17, 2022)
- Details can be found here along with the full event recording - with 3900+ attendees from 100 countries.
- Workshop #1 Summary Analysis Report (September 9, 2022)
Stay tuned for announcements on future workshops!