Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Helping organizations to better understand and improve their management of cybersecurity risk

CSF 2.0

For industry, government, and organizations to reduce cybersecurity risks

Read the Document

Quick Start Guides

For users with specific common goals

View the Quick Start Guides

CSF 2.0 Profiles

Templates and useful resources for creating and using both CSF profiles

See the Profiles

Informative References (Mappings)

See how NIST's resources overlap and share themes

See the Mappings

Videos

The NIST CSF 2.0

See more Videos

CSF 2.0 Webinar Series: Implementing CSF 2.0—The Why, What, and How

Latest Updates

Seeking comment through September 21, 2025: NIST Special Publication (NIST SP) 1331 Quick-Start Guide for Using CSF 2.0 to Improve Management of Emerging Cybersecurity Risks. This publication introduces the topic of emerging cybersecurity risks and explains how organizations can improve their ability to address such risks through existing practices within the cyber risk discipline in conjunction with the NIST Cybersecurity Framework (CSF) 2.0. The guide also emphasizes the importance of integrating these practices with organizational enterprise risk management (ERM) to proactively address emerging risks before they occur. Please send your feedback about this draft publication to csf [at] nist.gov (csf[at]nist[dot]gov).
Seeking comment through September 11, 2025: The NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events that organizations of various sizes and sectors at home and abroad use. The project team is interested in gathering additional comments and feedback prior to publishing the final version. Please send your feedback about this draft publication to ransomware [at] nist.gov (ransomware[at]nist[dot]gov).
On July 25, 2025, NIST launched the CSF 2.0 Resources page to list publicly available resources submitted by the CSF 2.0 user community. Resource topics include educational materials, examples of use, tools, and informative references. Visit the CSF 2.0 Resources page to learn more about evaluation criteria and how you can submit a resource.
On July 18, 2025, NIST published a mapping of the Cybersecurity Framework (CSF) 2.0 to Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (800 171 Rev. 3) (status: draft) to our Online Informative References (OLIR) catalog. The mapping is between functions and categories in the CSF 2.0 and the NIST SP 800-171 Rev. 3 Controlled Unclassified Information (CUI) requirements.
On May 30, 2025, ISO/IEC-27001:2022-to-Cybersecurity-Framework-v2.0 Informative Reference Details (status: final) was posted to the NIST OLIR (Online Informative References) catalog.

See more Latest Updates

Contacts

For further information and/or questions about the Cybersecurity Framework

CONTACT:

[email protected]

Was this page helpful?