Cybersecurity Framework

Videos

The NIST CSF 2.0

See more Videos

CSF 2.0 Webinar Series: Implementing CSF 2.0—The Why, What, and How

Latest Updates

• Seeking comment through September 11, 2025: The NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events that organizations of various sizes and sectors at home and abroad use. The project team is interested in gathering additional comments and feedback prior to publishing the final version. Please send your feedback about this draft publication to ransomware [at] nist.gov (ransomware[at]nist[dot]gov).
• On July 25, 2025, NIST launched the CSF 2.0 Resources page to list publicly available resources submitted by the CSF 2.0 user community. Resource topics include educational materials, examples of use, tools, and informative references. Visit the CSF 2.0 Resources page to learn more about evaluation criteria and how you can submit a resource.
• On July 18, 2025, NIST published a mapping of  the Cybersecurity Framework (CSF) 2.0 to Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (800 171 Rev. 3) (status: draft) to our Online Informative References (OLIR) catalog. The mapping is between functions and categories in the CSF 2.0 and the NIST SP 800-171 Rev. 3 Controlled Unclassified Information (CUI) requirements.
• On May 30, 2025, ISO/IEC-27001:2022-to-Cybersecurity-Framework-v2.0 Informative Reference Details (status: final) was posted to the NIST OLIR (Online Informative References) catalog.
• On April 28, 2025, the CSF 2.0 is now available in Mandarin.  All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.

See more Latest Updates