NIST CSWP 32 (Initial Public Draft)

NIST Cybersecurity Framework 2.0: A Guide to Creating Community Profiles

Date Published: February 26, 2024
Comments Due: May 3, 2024
Email Comments to: framework-profiles@nist.gov

Author(s)

Cheri Pascoe (NIST), Julie Nethery Snyder (MITRE), Karen Scarfone (Scarfone Cybersecurity)

Announcement

Since the NIST Cybersecurity Framework (CSF) was first released in 2014, the CSF has been used by communities with shared interests in cybersecurity risk management. These communities developed what are now called “Community Profiles” to outline shared interests, goals, and outcomes within a specific context, such as a sector, technology, or challenge. CSF 2.0 introduced the term “Community Profiles” to describe the ways various organizations have used CSF Profiles to develop cybersecurity risk management guidance that applies to multiple organizations, as well as to differentiate them from Organizational Profiles that are internally focused on the organization itself and generally not shared publicly. A Community Profile can be thought of as guidance for a specific community that is organized around the common taxonomy of the CSF.

This guide provides considerations for creating and using Community Profiles to implement the CSF 2.0. It is intended to provide a starting point, as there are a myriad of ways that Community Profiles have been developed to serve communities. Communities can build on the ideas in this guide to create a Community Profile that supports their needs where they share common priorities.

The public comment period for this draft is open through May 3, 2024. Please send your comments to framework-profiles@nist.gov.

Abstract

Keywords

Community Profiles; cybersecurity; Cybersecurity Framework (CSF); cybersecurity risk governance; cybersecurity risk management; enterprise risk management; Profiles

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.CSWP.32.ipd
Download URL

Supplemental Material:
NCCoE Framework Resource Center
More on CSF 2.0 Profiles

Document History:
02/26/24: CSWP 32 (Draft)