Introducing The New Community Profiles Guide


We are excited to share the first resource made available in the new NCCoE Framework Resource Center: Cybersecurity Whitepaper (CSWP) 32, NIST Cybersecurity Framework 2.0: A Guide to Creating Community Profiles (“Community Profiles Guide”). The Community Profiles Guide was released as an initial public draft on February 26th and is available for public comment through May 3rd. We welcome your feedback!

We created the Community Profiles Guide to reflect the use of the CSF for developing use case-specific cybersecurity risk management guidance for multiple organizations. CSF 2.0 introduced the term “Community Profiles” for this purpose. This Community Profiles Guide provides considerations for creating and using Community Profiles to help implement the Framework and is based on over a decade of experience working with multiple partners and communities. The guide describes Community Profiles, provides guidance for the content that may be conveyed through a Community Profile, and offers a Community Profile Lifecycle, pictured below. 

[Figure: The four phases of the Community Profile Lifecycle: Plan, Develop, Use, and Maintain, each involving continuous Communication.]

The Community Profile Lifecycle begins with a planning process that includes understanding the needs of the community it is intended to support and determining the scope of the Profile. Thoughtful planning enables the development process, resulting in the Community Profile. The Profile is then ready for use by organizations in the community. Community Profiles are reviewed periodically and updated as needed to ensure they are adequately maintained and continue to meet the needs of the community, or they are retired when no longer needed. A thread of communication runs throughout the Community Profile Lifecycle. Coordination and collaboration among organizations within the community help develop a Community Profile that is realistic and useful throughout its lifespan.

Community Profiles have been developed in a myriad of ways to serve communities. We hope you find this guide useful for thinking about ways your communities can come together to create Community Profiles and capitalize on their benefits, such as:

  • Fostering collaboration across the community
  • Describing a shared taxonomy for cybersecurity risk management and priorities in the context of the community 
  • Encouraging common target outcomes that organizations within the community can use to inform their assessments of cybersecurity progress 
  • Aligning requirements from multiple sources under one framework
  • Leveraging expertise across the community
  • Minimizing the burden for each organization by providing priorities and outcomes that organizations can use to develop their own Target Profiles 

Please let us know what you think about this NIST Cybersecurity White Paper through May 3. Submit comments through the form on the project page or via email.

The NCCoE will also be hosting a Community Profiles Webinar on April 23, 2024, at 2:00 P.M. ET. Join us to learn more and ask questions about the NIST CSF 2.0, the Community Profiles Guide, and more. 


Need some help getting started with a Community Profile?  Have an idea for additional resources you would like to see from the NCCoE related to implementing NIST frameworks?  Please email us at!