Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Publications

Other (Initial Public Draft)

Discussion Draft of the NIST Cybersecurity Framework 2.0 Core with Implementation Examples

Date Published: August 8, 2023
Comments Due: November 6, 2023 (public comment period is CLOSED)
Email Questions to: cyberframework@nist.gov

Planning Note (02/26/2024):

The NIST Cybersecurity Framework (CSF) 2.0 is now available.


Author(s)

National Institute of Standards and Technology

Announcement

This is the discussion draft of Implementation Examples (Examples) for the NIST Cybersecurity Framework (CSF or Framework) 2.0. It complements and is based on the Core from the NIST CSF 2.0 Public Draft, also open for comment. NIST seeks input on: 

  • concrete improvements to the Examples;
  • whether the Examples are written at an appropriate level of specificity and helpful for a diverse range of organizations;
  • what other types of Examples would be most beneficial to Framework users;
  • what existing sources of implementation guidance might be readily adopted as sources of Examples (such as the NICE Framework Tasks);
  • how often Examples should be updated; and 
  • whether and how to accept Examples developed by the community.

Feedback on this draft may be submitted to cyberframework@nist.gov by Friday, November 4, 2023 11:59 pm ET Monday, November 6, 2023. 

All relevant comments, including attachments and other supporting material, will be made publicly available on the NIST CSF 2.0 website. Personal, sensitive, confidential, or promotional business information should not be included. Comments with inappropriate language will not be considered.

CSF 2.0 Examples will be published and maintained only online on the NIST Cybersecurity Framework website, leveraging the NIST Cybersecurity and Privacy Reference Tool (CPRT). This will allow Examples and Informative References to be updated more frequently than the rest of the Core. In the coming weeks, NIST will release an initial version of this online tool for users to download and search the draft Core. Resource owners and authors who are interested in mapping their resources to the final CSF 2.0 to create Informative References should reach out to NIST.

Cherilyn Pascoe   
NIST Cybersecurity Framework Program Lead   
cyberframework@nist.gov

Control Families

None selected

Documentation

Publication:
Download URL

Supplemental Material:
The NIST Cybersecurity Framework 2.0
CSF 2.0 Website
NIST News Announcement: NIST Drafts Major Update to Its Widely Used Cybersecurity Framework

Related NIST Publications:
CSWP 29 (Draft)

Document History:
04/25/23: Other (Draft)
08/08/23: Other (Draft)

Topics

Security and Privacy

risk management

Applications

cybersecurity framework