Computer Security Resource Center

Cybersecurity Framework

Project Overview

The Cybersecurity Framework is voluntary guidance, based on existing standards, guidelines, and practices, for critical infrastructure organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.

*Federal agencies do have requirements to implement the Cybersecurity Framework; see the U.S. Federal Agency Use FAQs for more information.

For complete content, see: Cybersecurity Framework homepage | FAQs | Newsroom | Events


Version 1.0 of the Framework, Framework for Improving Critical Infrastructure Cybersecurity, was developed in response to Presidential Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which was issued in 2013. Among other things, the EO directed NIST to work with industry leaders to develop the Framework.

The Framework was developed in a year-long, collaborative process in which NIST served as a convener for industry, academia, and government stakeholders. That collaboration took place via workshops, extensive outreach and consultation, and a public comment process. NIST's future Framework role is reinforced by the Cybersecurity Enhancement Act of 2014 (Public Law 113-274), which calls on NIST to facilitate and support the development of voluntary, industry-led cybersecurity standards and best practices for critical infrastructure. This collaboration continues as NIST works with stakeholders from across the country and around the world to raise awareness and encourage use of the Framework.


Applications: cybersecurity framework

Laws and Regulations: Executive Order 13636, Executive Order 13800

Created May 24, 2016, Updated February 16, 2018