Pascoe, C.
, Quinn, S.
and Scarfone, K.
(2024),
The NIST Cybersecurity Framework (CSF) 2.0, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.29, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=957258
(Accessed October 8, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NIST Cybersecurity Framework (CSF) 2.0
Published
Author(s)
, ,
Abstract
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document explains CSF 2.0 and its components and describes some of the many ways that it can be used.Citation
NIST Cybersecurity White Papers (CSWP) - NIST CSWP 29
Report Number
NIST CSWP 29
Pub Type
NIST Pubs
Download Paper
Keywords
cybersecurity, Cybersecurity Framework (CSF), cybersecurity risk governance, cybersecurity risk management, enterprise risk management, Profiles, Tiers
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created February 26, 2024