Hosted by JANUS Associates and released by The National Institute of Standards and Technology (NIST) is the new version of the Cyber Security framework, version 2.0, aimed at all organizations regardless of type or sector. Jump to the NIST CSF 2.0 document

NIST CSF 2.0 is designed for all audiences, industry sectors, and organization types, from the smallest schools and nonprofits to the largest agencies and corporations — regardless of their degree of cybersecurity sophistication.

CSF 2.0 includes the following components: 

• CSF Core is the nucleus of the CSF, which is a taxonomy of high-level cybersecurity outcomes that can help any organization manage its cybersecurity risks. The CSF Core components are a hierarchy of Functions, Categories, and Subcategories that detail each outcome. These outcomes provide an organization with the flexibility needed to address its unique risks, technologies, and mission considerations.
• CSF Organizational Profiles is a mechanism for describing an organization’s current and/or target cybersecurity posture in terms of the CSF Core’s outcomes.
• CSF Tiers can be applied to CSF Organizational Profiles to characterize the rigor of an organization’s cybersecurity risk governance and management practices. Tiers can also provide context for how an organization views cybersecurity risks and the processes in place to manage those risks.

• The remainder of this document is structured as follows:
  • Section 2 explains the basics of the CSF Core: Functions, Categories, and Subcategories.
  • Section 3 defines the concepts of CSF Profiles and Tiers.
  • Section 4 provides an overview of selected components of the CSF’s suite of online resources: Informative References, Implementation Examples, and Quick Start Guides. 
  • Section 5 discusses how an organization can integrate the CSF with other risk management programs.
  • Appendix A is the CSF Core.
  • Appendix B contains a notional illustration of the CSF Tiers.
  • Appendix C is a glossary of CSF terminology.