U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

A Guide to Creating Community Profiles

Since the NIST Cybersecurity Framework (CSF) was first released in 2014, the CSF has been used by communities with shared interests in cybersecurity risk management. They developed what CSF 2.0 terms “Community Profiles” to describe the ways various organizations have used CSF Profiles to develop cybersecurity risk management guidance that applies to multiple organizations, as well as to differentiate them from Organizational Profiles that are not shared publicly. A Community Profile can be thought of as guidance for a specific community that is organized around the common taxonomy of the CSF. 

Considerations for developing CSF 2.0 Community Profiles

The guide describes Community Profiles, provides a template and guidance for the content that may be conveyed through a Community Profile, and offers a Community Profile Lifecycle (Plan, Develop, Use, Maintain). Communities can build on the ideas in this guide to create a Community Profile that supports their needs where they share common priorities.
Status: Reviewing Comments

The public comment period has closed for NIST Cybersecurity Framework 2.0:
A Guide to Creating Community Profiles. We are currently reviewing the comments received. Thank you to everyone who shared their feedback with us. 

NIST CSWP 32 ipd, NIST Cybersecurity Framework 2.0: A Guide to Creating Community Profiles (Initial Public Draft)Web Version NIST CSWP 32 ipd, NIST Cybersecurity Framework 2.0: A Guide to Creating Community Profiles (Initial Public Draft)
Download CSF 2.0 Community Profile Template (Draft) Read the FAQs

Join the Community of Interest

Employee speaking on video call with colleagues on online briefing with laptop at home

A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 

Tell us about yourself