Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

The NIST Cybersecurity Framework (CSF) 2.0



Cherilyn Pascoe, Stephen Quinn, Karen Scarfone


The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document explains CSF 2.0 and its components and describes some of the many ways that it can be used.
NIST Cybersecurity White Papers (CSWP) - NIST CSWP 29
Report Number


cybersecurity, Cybersecurity Framework (CSF), cybersecurity risk governance, cybersecurity risk management, enterprise risk management, Profiles, Tiers


Pascoe, C. , Quinn, S. and Scarfone, K. (2024), The NIST Cybersecurity Framework (CSF) 2.0, NIST Cybersecurity White Papers (CSWP), National Institute of Standards and Technology, Gaithersburg, MD, [online],, (Accessed April 19, 2024)
Created February 26, 2024