Introduction to the CSF 1.1 Roadmap

The Introduction to the Framework Roadmap learning module seeks to inform readers about what the Roadmap is, how it relates to the Framework for Improving Critical Infrastructure Cybersecurity ("The Framework"), and what the Roadmap Areas are.

Introduction to the Roadmap

The Roadmap is a companion document to the Cybersecurity Framework. The Roadmap, while not exhaustive in describing all planned activities within NIST, identifies key activities planned for improving and enhancing the Cybersecurity Framework. These activities may be carried out by NIST in conjunction with private and public sector organizations – or by those organizations independently. While the Roadmap is focused on activities around the Cybersecurity Framework, the results of work described in the Roadmap are expected to be useful to a broader audience to improve cybersecurity risk management.

Roadmap Areas for Development

The Roadmap continues to evolve with the Cybersecurity Framework. Roadmap Version 1.1 identifies 14 high-priority areas for development, alignment, and collaboration.

The 14 areas are:

1. Confidence Mechanisms
2. Cyber-Attack Lifecycle
3. Cybersecurity Workforce
4. Cyber Supply Chain Risk Management
5. Federal Agency Cybersecurity Alignment
6. Governance and Enterprise Risk Management
7. Identity Management
8. International Aspects, Impacts, and Alignment
9. Measuring Cybersecurity
10. Privacy Engineering
11. Referencing Techniques
12. Small Business Awareness and Resources
13. Internet of Things (IoT)
14. Secure Software Development

More information regarding each of these areas is included within the Roadmap located at Framework - Related Efforts.

Additional Resources

Introduction_to_Framework_Roadmap.pptx (PPTX | 627 KB)