NIST Releases Version 2 of the Cybersecurity Framework (CSF)

On February 26, 2024, NIST released version 2 of the Cybersecurity Framework (CSF). The new version makes some significant changes, such as moving Governance out of the Identify function and into its own dedicated Govern function.

Control mappings and references to version 2 are still being developed and released. As they come out, we will continue to update this site with tools to make the most of the framework.

Click here to go to the Cybersecurity Framework Version 2.

Using the STRIDE-LM Threat Model to Drive Security Control Selection

Using threat modeling can be an effective way to prioritize security control implementation efforts for a given solution. The resulting prioritization can then be used to help optimize time or financial costs during solution development. The following is a brief overview of using the threat modeling process to select both NIST CSF security outcomes and NIST security controls.

Continue reading “Using the STRIDE-LM Threat Model to Drive Security Control Selection”

NIST SP 800-53 Revision 4 vs. 5: What’s the Difference?

NIST Special Publication 800-53 Revision 5 was released recently and it includes a substantial number of changes. While NIST did outline many of the changes in their release notes, there are a few other things they left out.

Continue reading “NIST SP 800-53 Revision 4 vs. 5: What’s the Difference?”


Welcome to CSF Tools! You may be wondering what all this stuff is and why I put it here. Like so many things in life as a technologist, this all started with me trying to find ways to visualize the NIST Cybersecurity Framework for a PowerPoint presentation. I wasn’t really happy with the stuff I found, so decided to start building a library of visualizations linking that CSF to different control sets.

What is here so far is just the beginning. I have many ideas regarding new visualizations, control sets, and features to increase flexibility of presentation. Check back in periodically — you never know what you might find!