Estimated Reading Time: 2 minutes
NIST Cybersecurity Framework v2.0
As promised, I have updated the CSF tool to reflect the new NIST CSF 2.0 version released on February 26, 2024.
While the tool has maintained much of its heritage from prior versions, there have also been some much-needed UI improvements for this release.
- Readability enhancements – Cleaner fonts, better spacing, and highlighting make the summary page easier to read.
- Added the number of controls each category contains.
- Added ‘reasoning’ sections to the scoring page so the justification for the assigned scores can also be tracked.
- Corrected conditional formatting on the CSF and Privacy summary tabs to function cleanly.
- Removed the password protection of cells.
Thank you for the valuable comments, feedback, and suggestions over the years. The prior version of the tool had over 30k downloads, which is beyond humbling.
I’d also like to thank, most of all, everyone who has reached out over the years just to share how much the tool has helped you. Reading all those emails, messages, and comments is absolutely remarkable, and I am truly thankful for each one of them.
You can download the latest version of the tool from GitHub here.
Copyright © 2002-2024 John Masserini. All rights reserved.
Is the tool supposed to populate the total for each domain from the CSF 2.0 tab to the NIST CSF Summary tab?
Yes – all of the fields in eh Summary tab will auto-populate when the CSF2.0 form is completed.
Congrats John, thanks for this tool.
Errata: in the References tab, the latest NIST 800-53 is Rev 5, whose URL is
https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
and a new line should be dedicated for the NIST CSF page itself at
https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-csf-20/final
Thanks Adrian. I’ll be sure to update the links for the next revision.