Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Framework

Updates Archive

2026 2025

2024 2023 2022 2021 2020 2019

2018 2017 2016 2015 2014 2013

2026

NIST has finalized Special Publication (SP) 800-70r5 (Revision 5), National Checklist Program for IT Products – Guidelines for Checklist Users and Developers. The update includes an appendix with enhanced mapping concepts between checklist settings, NIST Cybersecurity Framework (CSF) 2.0 outcomes, SP 800-53 controls, and Common Configuration Enumeration (CCE) identifiers for evidence-ready automation and reporting.
The NIST National Cybersecurity Center of Excellence (NCCoE) released the draft NIST Internal Report (IR) 8323 Revision 2, Foundational PNT Profile: Applying the Cybersecurity Framework (CSF) for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services.
Upcoming Event: Data Governance and Management Profile – Virtual Working Session 2
Upcoming Event: Spring 2026 CSF 2.0 Cyber AI Profile Virtual Working Sessions
New CSF 2.0 Online Informative Reference (OLIR) Posted: SP-800-81-r3-to-Cybersecurity-Framework-v2.0 [04-24-2026]
New CSF 2.0 Online Informative Reference (OLIR) Posted: BXAI-OS-to-CSF-v2.0 [04-24-2026]
New CSF 2.0 Online Informative Reference (OLIR) Posted: OWASP-LLM-Top10-v2.0-to-CSF-v2.0 [04-08-2026]
Open for public comment until May 6, 2026: CSF 2.0 Informative References Quick‑Start Guide. This draft explains how to find, filter, and apply informative references using NIST tools. Review and submit comments here.
The final version of NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide (SP 1308) is now available.
March 23, 2026, NIST Cybersecurity Insights Blog: Reflections from the Second NIST Cyber AI Profile Workshop.
February 24, 2026: Celebrating Two Years of CSF 2.0! View the anniversary blog.
The Transit Cybersecurity Framework Community Profile (NIST Internal Report (IR) 8576) initial public draft is now available for public comment through February 23, 2026.
On January 14, 2026, the NIST National Cybersecurity Center of Excellence (NCCoE) held a full-day hybrid workshop to discuss the Preliminary Draft of the NIST Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile).

2025

On December 18, 2025, NIST published three updated NIST IR 8286 publications (8286r1, 8286Ar1, and 8286Cr1) to align more closely with the CSF 2.0 and other updated NIST guidelines. The NIST IR 8286 series helps practitioners understand the critical connection between cybersecurity and Enterprise Risk Management.
NIST Special Publication (SP) 800-70r5 ipd (Revision 5, initial public draft), National Checklist Program for IT Products – Guidelines for Checklist Users and Developers, is now available for public comment through January 16, 2026, at 11:59 PM. The update includes an appendix with enhanced mapping concepts between checklist settings, NIST Cybersecurity Framework (CSF) 2.0 outcomes, SP 800-53 controls, and Common Configuration Enumeration (CCE) identifiers for evidence-ready automation and reporting.
Second Public Draft Released for Comment— NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide. The comment period for NIST SP 1308 2pd is open through January 7, 2026, at 11:59 PM (EST). Email comments to: csf [at] nist.gov (csf[at]nist[dot]gov).
On November 17, 2025, NICE-v2.0.0-to-CSF-v2.0 (status: final), CSFv2.0-to-SP-800-53-Rev-5-2-0 (status: final), and Cyber-Governance-Code-of-Practice-to-CSF-v2.0 (status: final) were posted to the NIST OLIR (Online Informative References) catalog.
Seeking comments through November 17, 2025: The NIST Internal Report (IR) 8183 Revision 2, Cybersecurity Framework Version 2.0 Manufacturing Profile. The Profile is structured around the NIST CSF 2.0 Functions: Govern, Identify, Protect, Detect, Respond, and Recover. These Functions form the basis for prioritizing cybersecurity outcomes tailored to the manufacturing sector, enabling manufacturers to align their cybersecurity efforts with business needs, risk tolerance, and available resources.
Seeking comment through September 21, 2025: NIST Special Publication (NIST SP) 1331 Quick-Start Guide for Using CSF 2.0 to Improve Management of Emerging Cybersecurity Risks. This publication introduces the topic of emerging cybersecurity risks and explains how organizations can improve their ability to address such risks through existing practices within the cyber risk discipline in conjunction with the NIST Cybersecurity Framework (CSF) 2.0. The guide also emphasizes the importance of integrating these practices with organizational enterprise risk management (ERM) to proactively address emerging risks before they occur. Please send your feedback about this draft publication to csf [at] nist.gov (csf[at]nist[dot]gov).
Seeking comment through September 11, 2025: The NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile reflects changes made to the Cybersecurity Framework (CSF) from CSF 1.1 to CSF 2.0 which identifies security objectives that support managing, detecting, responding to, and recovering from ransomware events that organizations of various sizes and sectors at home and abroad use. The project team is interested in gathering additional comments and feedback prior to publishing the final version. Please send your feedback about this draft publication to ransomware [at] nist.gov (ransomware[at]nist[dot]gov).
On July 25, 2025, NIST launched the CSF 2.0 Resources page to list publicly available resources submitted by the CSF 2.0 user community. Resource topics include educational materials, examples of use, tools, and informative references. Visit the CSF 2.0 Resources page to learn more about evaluation criteria and how you can submit a resource.
On July 18, 2025, NIST published a mapping of the Cybersecurity Framework (CSF) 2.0 to Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (800 171 Rev. 3) (status: draft) to our Online Informative References (OLIR) catalog. The mapping is between functions and categories in the CSF 2.0 and the NIST SP 800-171 Rev. 3 Controlled Unclassified Information (CUI) requirements.
On May 30, 2025, ISO/IEC-27001:2022-to-Cybersecurity-Framework-v2.0 Informative Reference Details (status: final) was posted to the NIST OLIR (Online Informative References) catalog.
On April 28, 2025, the CSF 2.0 is now available in Mandarin. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On April 18, 2025, the CSF 2.0 is now available in Thai. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On April 8, 2025, the Department for Science, Innovation & Technology in the United Kingdom (UK) published a mapping of the UK Cyber Governance Code of Practice to the NIST Cyber Security Framework (CSF). This mapping document is for boards, directors and Chief Information Security Officers (or equivalent) and will help understand the Cyber Governance Code of Practice.
On April 7, 2025, Boise State University’s Office of Information Technology announced they are adopting the NIST CSF to boost research capacity—“a significant step that enhances the university’s ability to compete for sponsored projects requiring controlled data management (e.g., covered defense information, protected health information) and reinforces its commitment to cybersecurity excellence.”
On April 3, 2025, NIST hosted the Cyber AI Profile Workshop. The slides and event recording are available here.
On April 3, 2025, NIST published the final version of NIST Special Publication 800-61r3, Incident Response Recommendations and Considerations for Cybersecurity Risk Management: A CSF 2.0 Community Profile. This publication seeks to assist organizations with incorporating cybersecurity incident response recommendations and considerations throughout their cybersecurity risk management activities as described by the NIST Cybersecurity Framework (CSF) 2.0.
On March 25, 2025, NIST’s Stephen Quinn, the project lead for the Cybersecurity Framework, provided a comprehensive overview of the key updates and transformative features in CSF version 2.0. This overview can be found in the GovCIO Cybercast Season 6 Episode 12 titled Inside the Latest Version of NIST’s Cybersecurity Framework.
On March 20, 2025, the CSF team presented the first episode of NIST’s new multi-part webinar series – Implementing CSF 2.0 - The Why, What, and How. The recording and slides can be found here.
On March 12, 2025, NIST published the Initial Public Draft (IPD) of NIST Special Publication 1308, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick Start Guide. The comment period is open through April 25, 2025, at 11:59 PM.
The NIST National Cybersecurity Center of Excellence (NCCoE) will be aligning the NIST Internal Report (IR) 8323r1, Foundational Position, Navigation, and Timing (PNT) Profile: Applying the Cybersecurity Framework (CSF) for the Responsible Use of PNT Services with the NIST Cybersecurity Framework 2.0 and requests feedback on this effort using a short questionnaire. The questionnaire for the revision of NIST IR 8323 will be open for comments through April 25, 2025. View the Cybersecurity Framework Profile for PNT project page.
The NIST National Cybersecurity Center of Excellence (NCCoE), along with the SEMI Semiconductor Manufacturing Cybersecurity Consortium, has released Draft NIST Internal Report (NIST IR) 8546, Cybersecurity Framework (CSF) 2.0 Semiconductor Manufacturing Community Profile, for public comment until 11:59 PM ET on Monday, April 14, 2025.
On February 26, 2025, NIST published a Cybersecurity Insights Blog post to celebrate 1 year of the CSF 2.0. The blog shares new CSF 2.0 resources, takes a retrospective look at the CSF team’s accomplishments over the last year, and highlights how individuals and organizations can stay involved in our CSF 2.0 work.
On February 13, 2025, the CSF 2.0 is now available in Japanese and Norwegian. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On February 4, 2025, The CSF 2.0 is now available in Greek. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On January 22, 2025, the CSF 2.0 team presented at the ISC2 Spotlight Virtual Event titled “Beyond the Basics: Exploring NIST Cybersecurity Framework 2.0.” View a PDF of the presentation here.
On January 13, 2025, the NIST National Cybersecurity Center of Excellence (NCCoE) published an initial public draft of NIST Interagency Report (NIST IR) 8374 Revision 1, Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile. Comments are due by March 14, 2025.

2024

On December 16, 2024, The NIST National Cybersecurity Center of Excellence (NCCoE) has released Draft NIST Internal Report (IR) 8467, Genomic Data Cybersecurity and Privacy Frameworks Community Profile (Genomic Data Profile), which provides a structured, risk-based approach for managing both cybersecurity and privacy risks in processing genomic data. The updated draft incorporates the CSF 2.0 and NIST Privacy Framework (PF) version 1.0 to help organizations prioritize cybersecurity and privacy capabilities. This publication is the first joint CSF and PF Community Profile developed by NIST. Learn more here.
On December 10, 2024, The NIST National Cybersecurity Center of Excellence (NCCoE) hosted a webinar titled “NIST Cybersecurity Framework Community Profiles Workshop.” The event recording is available here.
On December 5, 2024, the NIST Cybersecurity Framework 2.0 Quick-Start Guide for Creating and Using Organizational Profiles is now available in French, Portuguese and Spanish. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On November 25, 2024, the NIST Cybersecurity Framework 2.0 Resource & Overview Guide is now available in French, Portuguese and Spanish. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On November 21, 2024, The CSF 2.0 is now available in French and German. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page (more are expected in the near future).
On November 13, 2024, The CSF 2.0 is now available in Polish. All translations can be found on the Translations of NIST Cybersecurity and Privacy Resources page.
On October 21, 2024, NIST published the final version of the CSF 2.0 Quick Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM)
We’re celebrating Cybersecurity Awareness Month by sharing even more CSF 2.0 resources. Learn more!
NEW Supplemental Spreadsheet: Cybersecurity Framework 1.1 to 2.0 Core Transition Changes Overview. Today, the final version of the OLIR Mapping from the 800-53rev 5.1.1 to the CSF 2.0 was posted: National Online Informative References Program | CSRC (nist.gov)
The CSF 2.0 is now available in Spanish and Portuguese. All translations can be found on the NIST International Cybersecurity and Privacy Resources page (more are expected in the near future).
NIST awarded ‘Ecosystem Champion’ Cyber Policy Award for CSF 2.0 efforts on April 24, 2024.
A CSF 2.0 Community Profiles NCCoE Webinar took place on April 23, 2024 and focused on opportunities to help organizations develop community profiles based on the CSF 2.0.
On March 20, 2024, NIST hosted a webinar titled “Overview of the NIST Cybersecurity Framework 2.0 Small Business Quick Start Guide.” The video recording and slides are available here.
Aspen Institute hosted a discussion on CSF 2.0, including the Under Secretary for Standards and Technology and NIST Director Laurie Locascio. The video recording is available as a resource.
The NCCoE has released Draft NIST IR 8467, Cybersecurity Framework (CSF) Profile for Genomic Data. This CSF Profile provides voluntary, actionable guidance to help organizations manage, reduce, and communicate cybersecurity risks for systems, networks, and assets that process any type of genomic data.
The NCCoE published Final NIST IR 8432, Cybersecurity of Genomic Data. This report summarizes the current practices, challenges, and proposed solutions for securing genomic data, as identified by genomic data stakeholders from industry, government, and academia.
The NIST NCCoE has published the final version of NIST Internal Report (NIST IR) 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure

2023

Journey to the NIST CSF 2.0 Workshop #3 | September 19-20, 2023
Now Available for Public Comment — Draft NIST IR 8473, Cybersecurity Framework Profile for Electric Vehicle Extreme Fast Charging Infrastructure
The NCCoE has published the final version of NIST IR 8406, Cybersecurity Framework Profile for Liquefied Natural Gas.
The NCCoE has published for comment Draft NIST IR 8441, Cybersecurity Framework Profile for Hybrid Satellite Networks (HSN). The public comment period for this draft is now open until 11:59 p.m. ET on July 5, 2023.
Just released: Discussion Draft of the NIST CSF 2.0 Core - feedback on this discussion draft may be submitted at any time. However, for comments to inform the upcoming complete NIST CSF 2.0 draft they must be submitted by May 31st.The comment deadline for the Cybersecurity Framework 2.0 Concept Paper ended on March 17th, 2023.
NIST has released NIST IR 8323 Revision 1 | Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of PNT Services.
NIST has released the “Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework,” outlining potential significant changes to the Cybersecurity Framework for public review and comment. Please provide feedback by March 3, 2023. The Paper will be discussed at the upcoming CSF 2.0 Workshop #2 on February 15, 2023 and the CSF 2.0 Working Sessions on February 22-23, 2023.
IN-PERSON CSF 2.0 WORKING SESSIONS | February 22 or 23, 2023 (half day events). Attendees should only register for ONE session.
VIRTUAL WORKSHOP #2 | February 15, 2023 (9:00 AM – 5:30 PM EST). Join us to discuss potential significant updates to the CSF as outlined in the soon-to-be-released CSF Concept Paper.

2022

A recording of a Framework Version 2.0 informal discussion, hosted by NIST and the Depart. of Treasury OCCIP on September 12, 2022 is now available.
Draft NIST IR 8406, Cybersecurity Framework Profile for Liquefied Natural Gas - is now open for public comment through November 17th.
NISTIR 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, has now been released as final. This report continues an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management, and provides additional detail regarding the enterprise application of cybersecurity risk information.
Responding to suggestions from participants during the recent CSF 2.0 workshop, NIST has improved its CSF web page by elevating attention to Examples of Framework Profiles The page, which now is easier to find, features links to more than a dozen profiles produced by NIST or others.
The first workshop on the NIST Cybersecurity Framework update, “Beginning our Journey to the NIST Cybersecurity Framework 2.0”, was held virtually on August 17, 2022 with 3900+ attendees from 100 countries in attendance. Details can be found here (the full event recording is NOW AVAILABLE).
A CSF Draft Profile, “Draft Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services” (Draft NISTIR 8323 Revision 1), is available for public comment through August 12, 2022. This Revision includes five new Cybersecurity Framework subcategories, and two new appendices.
A CSF Draft Profile, Cybersecurity Profile for Hybrid Satellite Networks (HSN) Draft Annotated Outline (Draft White Paper NIST CSWP 27) is available for public comment through August 9, 2022. This Profile will consider the cybersecurity of all the interacting systems that form the HSN rather than the traditional approach of the government acquiring the entire satellite system that includes the satellite bus, payloads, and ground system.
On June 3, 2022, NIST announced it would proceed with an update the Cybersecurity Framework, toward CSF 2.0. A blog post by NIST staff Cherilyn Pascoe outlines what stakeholders can expect with the update. You can also track the update process on the CSF 2.0 webpage. As part of this announcement, NIST posted a summary analysis of the comments received in response to the cybersecurity Request for Information issued February 2022. All RFI comments received are also available on the website.
Draft NISTIR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response, is available for public comment through July 18, 2022. This report continues an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management, and provides additional detail regarding the enterprise application of cybersecurity risk information.
Check out the Speaker Series, hosted by the NCCoE, focusing on the development of a Framework Profile for the Liquefied Natural Gas Industry on May 24, 2022.
The Ransomware Risk Management Profile: Ransomware Risk Management: A Cybersecurity Framework Profile is now final and a quick start guide is available.
We are excited to announce that the Framework has been translated into Ukrainian!
NIST Seeks Input to Update Cybersecurity Framework, Supply Chain Guidance
NIST has issued an RFI for Evaluating and Improving NIST Cybersecurity Resources - responses are due by April 25, 2022.
We are excited to announce that the Framework has been translated into French!
Draft NISTIR 8286C, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, is now available for public comment! This report continues an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management, and provides additional detail regarding the enterprise application of cybersecurity risk information.
See our latest Success Story featuring how the Lower Colorado River Authority (LCRA) [nist.gov] implemented a risk-based approach to the CSF and tailored it to meet their unique needs.
NIST has released a Cybersecurity White Paper, Benefits of an Updated Mapping Between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards, which describes a recent mapping initiative between the NERC CIP standards and the NIST Cybersecurity Framework. In addition, a mapping is available to show which Cybersecurity Framework Subcategories can help organizations achieve a more mature CIP requirement compliance program.

2021

NIST has released a draft ransomware risk management profile, The Cybersecurity Framework Profile for Ransomware Risk Management, Draft NISTIR 8374, which is now open for comment through October 8, 2021.
Draft NISTIR 8286B, Prioritizing Cybersecurity Risk for Enterprise Risk Management, is now available for public comment! This report continues an in-depth discussion of the concepts introduced in NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management, with a focus on the use of enterprise objectives to prioritize, optimize, and respond to cybersecurity risks.
NIST just released Security Measures for “EO-Critical Software” Use Under Executive Order (EO) 14028 to outline security measures intended to better protect the use of deployed EO-critical software in agencies’ operational environments.
A second public draft of NISTIR 8286A is available: "Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management." The comment period is open through August 6, 2021.
NIST has released a draft version of NISTIR 8374 - Cybersecurity Framework Profile for Ransomware Risk Management. This profile can be used as a guide to managing the risk of ransomware events. Please submit your comments by July 9th.
To highlight our ongoing international engagement, we’ve collected a series of videos that show how our partners across the world are looking at various cybersecurity and privacy issues that we at NIST are also tracking. Check these videos out HERE!
Getting started using the Cybersecurity Framework just got easier with this new Quick Start Guide!
RSA Conference 2021 was unique this year as it was a virtual experience, but it still successfully brought together the cybersecurity community with well-attended sessions led by NIST experts—session topics included: AI-enabled technology, data breaches, telehealth cybersecurity, PNT services, and IoT. For a full list of our 2021 RSAC sessions, see: https://www.nccoe.nist.gov/events/rsa-conference-2021[nccoe.nist.gov].
The International Organization for Standardization (ISO), in conjunction with the International Electrotechnical Commission (IEC), has published ISO/IEC 27110: Information technology, cybersecurity and privacy protection — Cybersecurity framework development guidelines. This document specifies guidelines for developing a cybersecurity framework. The guidelines specify that all cybersecurity frameworks should have the following concepts: Identify, Protect, Detect, Respond, Recover.
NIST is pleased to announce the release of NISTIR 8323 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. The PNT Profile was created by using the NIST Cybersecurity Framework and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services.
Check out Kevin Stine’s latest blog (2021: What’s Ahead from NIST in Cybersecurity and Privacy?) which highlights NIST's decision to focus on nine priority areas over the next several years.

2020

Check out NISTIR 8286A (Draft) - Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM), which provides a more in-depth discussion of the concepts introduced in the NISTIR 8286 and highlights that cybersecurity risk management (CSRM) is an integral part of ERM.
NIST is pleased to announce the release of NISTIRs 8278 & 8278A for the Online Informative References Program. These reports focus on 1) OLIR program overview and uses (NISTIR 8278), and 2) submission guidance for OLIR developers (NISTIR 8278A).
NIST is pleased to announce the release of NISTIR 8323 (Draft) Cybersecurity Profile for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services. The comment period is open through November 23, 2020 with instructions for submitting comments available HERE.
NIST just published NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
Check out NIST’s new Cybersecurity Measurements for Information Security page!
Check out the Cybersecurity Framework’s Critical Infrastructure Resource page, where we added the new Version 1.1 Manufacturing Profile.
On September 22-24, 2020, the IAPP will host a virtual workshop on the development of a workforce capable of managing privacy risk. NIST will join the IAPP to lead working sessions where stakeholders can share feedback on the roles, tasks, knowledge, and skills that are necessary to achieve the Privacy Framework’s outcomes and activities.
NIST hosted the NIST Profile on Responsible Use of Positioning, Navigation, and Timing (PNT) Services virtual workshop on September 15-16, 2020. To learn more about this event, please visit the event homepage HERE.
Check out the latest two draft NISTIRs 8278 & 8278A for the Online Informative References Program. The draft reports focus on 1) OLIR program overview and uses (NISTIR 8278), and 2) submission guidance for OLIR developers (NISTIR 8278A).
Thank you to those who submitted comments on the 2nd Draft of NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM).
The latest blog, Keeping the Lights On, by Ron Ross has now been posted!
Check out the latest webinar - The Missing Link: Integrating Cybersecurity and ERM - to learn how a panel of experts has used ERM principles in leading cybersecurity frameworks and methods to bring cybersecurity risks into context at the enterprise level.
Check out the Cybersecurity Framework Critical Infrastructure Resources newest addition, Federal Energy Regulatory Commission’s Cybersecurity Incentives Policy White Paper (DRAFT), a white paper on potential incentives to encourage utilities to go above and beyond mandated cybersecurity measures.
New Success Stories demonstrate how several diverse organizations all leverage the Cybersecurity Framework differently to improve their cybersecurity risk management.
We are excited to announce that the Framework has been translated into Bulgarian!
Check out the blog by NIST’s Amy Mahn on engaging internationally to support the Framework!
Check out the Cybersecurity Framework International Resources [nist.gov] page, where we added a new resource category (Additional Guidance) and another resource (The Coalition to Reduce Cyber Risk's Seamless Security: Elevating Global Cyber Risk Management Through Interoperable Frameworks [static1.squarespace.com]).
NIST has released Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment. This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches. The public comment period closes on April 20, 2020. See the publication details for a copy of the draft and instructions for submitting comments.
NIST has published NISTIR 8170, Approaches for Federal Agencies to Use the Cybersecurity Framework. It provides guidance on how the Cybersecurity Framework can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications.
Given the growing global concern over the spread of the coronavirus (COVID-19), it is in the best interest of the attendees, speakers, and staff to cancel this year’s NIST Advancing Cybersecurity Risk Management Conference. Please stay tuned for future opportunities to engage, including potential virtual events.
A draft revision of NISTIR 8183, the Cybersecurity Framework (CSF) Manufacturing Profile, has been developed that includes the subcategory enhancements established in NIST's Framework Version 1.1. The public comment period for this document ends May 4, 2020.
Thank you to all who attended #RSAC2020 and had a chance to chat/interact with our team #NISTatRSAC! If you were unable to attend, be sure to check out the NCCoE session recaps: https://www.nccoe.nist.gov/events/rsa-conference-2020
In case you missed it, check out the recording of the "Promoting Cyber Interoperability: The Path Forward" event hosted by CSIS
Version 1.0 of the voluntary @NIST #Privacy Framework was just released! Check it out and consider adopting today.
Consider registering for the Privacy Framework Webinar, on January 29th, which will talk about its relationship with the Cybersecurity Framework. Also, consider the upcoming NICE Webinar, also on January 29th, which will talk about learning principles for cybersecurity practice

2019

Thank you to those who participated in the December 10th SMB Webinar. For those who missed it, the recording is now available!
Check out the latest blog on Framework engagement with the international community HERE!
Check out our newest Success Story that comes from the Israel National Cyber Directorate, check it out HERE!
Save the Date: NIST plans to host a workshop on Cybersecurity Online Informative References at the National Cybersecurity Center of Excellence(NCCoE), 9700 Great Seneca Highway, Rockville, Maryland on December 3^rd, 2019. Click here for the conference notice!
National Cybersecurity Awareness Month (NCSAM) 2019 has now come to a close. At NIST, we worked throughout the month of October to celebrate cybersecurity through awareness of our publications and work, news, and special events. Thank you for celebrating right along with us!
OAS and AWS recently released a White Paper to Strengthen Cybersecurity Capacity in the Americas through the NIST Cybersecurity Framework
On August 16-17, Amy Mahn from the Applied Cybersecurity Division participated in a workshop organized by the International Trade Administration (ITA) on “Facilitating Trade through Adherence to Globally-Recognized Cybersecurity Standards and Best Practices” as part of the Asia-Pacific Economic Cooperation (APEC) Senior Officials Meeting in Puerto Varas, Chile.
Amy Mahn, International Policy Specialist at NIST, stresses the importance of international collaboration and alignment for the Cybersecurity Framework effort in the new article, “Picking up the Cybersecurity Framework’s Pace Internationally.” See: https://www.nist.gov/cyberframework/picking-frameworks-pace-internationally.
At the U.S. Chamber's Cybersecurity Series in Seattle on June 19th, NIST's Adam Sedgewick discussed how small businesses can put the Framework to use in managing cybersecurity risks.
A draft implementation guide (NISTIR 8183A) for the Cybersecurity Framework Manufacturing Profile Low Security Level has been developed for managing cybersecurity risk for manufacturers.
We are excited to announce that the Framework has been translated into Portuguese!
Roadmap for Cybersecurity Framework Version 1.1 has just been released, check it out HERE!
NISTIR 8204 has now been release, check it out HERE!
The recording of our April 26th webinar: "Next Up! Cybersecurity Framework Webcast: A Look Back, A Look Ahead" is now available HERE.
Version 1.1 of the Baldrige Cybersecurity Excellence Builder has just been released, check it out HERE!
The NIST director's remarks on Cybersecurity and Privacy updates at RSA are now available
Come check us out at RSA!
Check out our new infographic which highlights the impact the Framework has had across industry.
Happy Anniversary! It has been five years since the release of the Framework for Improving Critical Infrastructure Cybersecurity and organizations across all sectors of the economy are creatively deploying this voluntary approach to better management of cybersecurity-related risks.

2018

The Framework has now been downloaded more than half a million times, with Version 1.1 eclipsing over a quarter million downloads in just over nine months!
New Success Stories demonstrate how several diverse organizations all leverage the Cybersecurity Framework differently to improve their cybersecurity risk management.
With over 900 registrants and a packed agenda, the Cybersecurity Risk Management Conference in Baltimore, MD was a great success! If you haven't already, please let us know what you think about the conference through the participant survey and Guidebook ratings. Presentation slides will be made available in the coming weeks, stay tuned.
New Success Stories demonstrate how several diverse organizations all leverage the Cybersecurity Framework differently to improve their cybersecurity risk management.
The video recording of the "Next Up!" Webcast which focused on recent multi-sector work-products that exemplify best practices for cybersecurity risk management incorporating the Framework is now available.
In just six months since its April 2018 release, V1.1 of the Cybersecurity Framework already has been downloaded over 205,000 times. That compares with approximately 262,000 total downloads of V1.0 over four years!
We are getting close to the Cybersecurity Risk Management Conference!
Registration for the 2018 NIST Cybersecurity Risk Management Conference -- to be held November 7-9, 2018, at the Renaissance Baltimore Harborplace Hotel, in Baltimore, Maryland -- is now open. Sponsored by NIST, the three-day conference is expected to attract leaders from industry, academia, and government at all levels, including international attendees.
A recording of the July 9th webcast: 'Lessons Learned in Using the Baldrige Cybersecurity Excellence Builder with the Cybersecurity Framework' is now available. It can be found HERE.
Save the Date: NIST plans to host the Cybersecurity Risk Management Conference -- likely in Baltimore, MD -- during the week of November 4th. This event will expand on previous Framework workshops and incorporate other elements of cybersecurity risk management. Stay tuned!
Version 1.1 of the Framework was published on April 16, 2018. The document has evolved to be even more informative, useful, and inclusive for all kinds of organizations. Version 1.1 is fully compatible with Version 1.0 and remains flexible, voluntary, and cost-effective. Among other refinements and enhancements, the document provides a more comprehensive treatment of identity management and additional description of how to manage supply chain cybersecurity.
The recorded version of the April 27th webcast is available.
Success Stories regarding Framework use / Implementation have been added to the website! Our first Success Story comes from the University of Chicago, check it out HERE!
Start Using the Baldrige Cybersecurity Tool: Here's Help. First, the Information Security Team of the University of Kansas Medical Center (KUMC) began using the Baldrige Cybersecurity Excellence Builder (BCEB) -- which is a voluntary self-assessment tool based on the Cybersecurity Framework. Learn about their experience at: https://www.nist.gov/blogs/blogrige/start-using-baldrige-cybersecurity-tool-heres-help
Also, the next Baldrige Cybersecurity Excellence Builder Workshop, April 8, 8:30-3:30 pm, in Baltimore, MD. It's a practical, interactive workshop on using the Baldrige Cybersecurity Excellence Builder (BCEB).
RFC comments received on Draft 2 of Framework Version 1.1 and the Roadmap are now being reviewed. All responses will be published publicly in the coming weeks. NIST appreciates your feedback and as always, any additional comments can be directed to cyberframework [at] nist.gov (cyberframework[at]nist[dot]gov(link sends e-mail)).
Two December 2017 webcasts about Framework basics and the proposed updates to Framework and Roadmap are now available for playback.
A mapping of the Framework Core to NIST SP 800-171 Revision 1 has recently been published. This can be found in Appendix D of the publication(link is external).