An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NIST Cybersecurity Framework was designed to be a living document that is refined, improved, and evolves over time (to keep pace with technology and threat trends, integrate lessons learned, and move from best practice to common practice).
The first version of the Framework (CSF 1.0) was released in 2014 and was updated in 2018 (CSF 1.1). To reflect the ever-evolving cybersecurity landscape and to help organizations more easily and effectively manage cybersecurity risk, NIST developed a new—updated version—of the Framework (CSF 2.0) in 2024. The journey to the CSF 2.0 all started in 2022.
CSF 2.0 Progression and Activities Timeline:
Development of the NIST CSF 2.0 Reference Tool