Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
NIST’s Journey to CSF 2.0
The NIST Cybersecurity Framework was designed to be a living document that is refined, improved, and evolves over time (to keep pace with technology and threat trends, integrate lessons learned, and move from best practice to common practice).
The first version of the Framework (CSF 1.0) was released in 2014 and was updated in 2018 (CSF 1.1). To reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST developed a new—updated version—of the Framework (CSF 2.0) in 2024. The journey to the CSF 2.0 all started in 2022.
CSF 2.0 Progression and Activities Timeline:
Key Stops Along NIST’s Journey:
Drafts | CSF 2.0
Drafts and Related Documents | CSF 2.0 Core
- Discussion Draft | NIST CSF 2.0 Core
- Discussion Draft | NIST CSF 2.0 Core with Implementation Examples
- Comments Received | Discussion Draft of NIST CSF 2.0 Core
CSF 2.0 Concept Paper
Development of the NIST CSF 2.0 Reference Tool
- CSF 2.0 Reference Tool (Explore the Draft CSF 2.0 Core: Functions, Categories, Subcategories, and Implementation Examples)