Official websites do not use .rip
A .gov website belongs to an official government organization in the United States.

We are building a provable archive!
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST CSWP 32 (Initial Public Draft)

NIST Cybersecurity Framework 2.0: A Guide to Creating Community Profiles

Date Published: February 26, 2024
Comments Due: May 3, 2024
Email Comments to: framework-profiles@nist.gov

Author(s)

Cheri Pascoe (NIST), Julie Nethery Snyder (MITRE), Karen Scarfone (Scarfone Cybersecurity)

Announcement

Since the NIST Cybersecurity Framework (CSF) was first released in 2014, the CSF has been used by communities with shared interests in cybersecurity risk management. These communities developed what are now called “Community Profiles” to outline shared interests, goals, and outcomes within a specific context, such as a sector, technology, or challenge. CSF 2.0 introduced the term “Community Profiles” to describe the ways various organizations have used CSF Profiles to develop cybersecurity risk management guidance that applies to multiple organizations, as well as to differentiate them from Organizational Profiles that are internally focused on the organization itself and generally not shared publicly. A Community Profile can be thought of as guidance for a specific community that is organized around the common taxonomy of the CSF.

This guide provides considerations for creating and using Community Profiles to implement the CSF 2.0. It is intended to provide a starting point, as there are a myriad of ways that Community Profiles have been developed to serve communities. Communities can build on the ideas in this guide to create a Community Profile that supports their needs where they share common priorities.

The public comment period for this draft is open through May 3, 2024. Please send your comments to framework-profiles@nist.gov.

Abstract

Keywords

Community Profiles; cybersecurity; Cybersecurity Framework (CSF); cybersecurity risk governance; cybersecurity risk management; enterprise risk management; Profiles
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.CSWP.32.ipd
Download URL

Supplemental Material:
NCCoE Framework Resource Center
More on CSF 2.0 Profiles

Document History:
02/26/24: CSWP 32 (Draft)