CoverageGLOBAL

NIST Frameworks Hub What Is Included

Coverage map of NIST frameworks and publications by use case.

Use this to pick the right NIST guidance and build an evidence-first implementation plan.

Back to main artifactReview sources
Author
Sorena AI
Published
Mar 4, 2026
Updated
Mar 4, 2026
Sections
3

Structured answer sets in this page tree.

Primary sources
6

Cited legal and guidance references.

Publication metadata
Sorena AI
Published Mar 4, 2026
Updated Mar 4, 2026
Overview

This hub covers the NIST layers most organizations combine in practice: CSF 2.0 for outcomes and communication, RMF for system lifecycle and authorization context, SP 800-53 Rev. 5 Update 1 for controls, SP 800-61 Rev. 3 for incident response, SP 800-161 Rev. 1 Update 1 for supply-chain risk, and SP 800-218 SSDF v1.1 for secure software development.

Section 1

Coverage map: what each NIST artifact is best used for

Start with the decision problem. Different NIST artifacts are optimized for different layers of governance and implementation. This is why a good NIST program usually uses a stack, not a single document.

The hub focuses on the artifacts that are most reusable for enterprise cybersecurity programs and assurance work.

  • CSF 2.0: cybersecurity outcomes, profiles, tiers, and risk communication
  • RMF: categorize, select, implement, assess, authorize, and monitor context
  • SP 800-53 Rev. 5 Update 1: controls and assessment depth
  • SP 800-61 Rev. 3: incident response lifecycle
  • SP 800-161 Rev. 1 Update 1: cybersecurity supply chain risk management
  • SP 800-218 SSDF v1.1: secure software development practices
Section 3

Evidence that should travel across the whole stack

NIST adoption becomes manageable when evidence is collected once and reused across the stack. The same evidence should support governance, technical assurance, and customer or audit questions.

The essential discipline is explicit ownership, refresh cadence, and linkage to the specific NIST layer it supports.

  • Scope, inventories, owners, and publication-version assumptions
  • Risk records, profile gaps, action plans, and approvals
  • Control, incident, supplier, and software-development evidence
  • Assessment, monitoring, and corrective-action closure records
Recommended next step

Use NIST Frameworks Hub What Is Included as a cited research workflow

Research Copilot can take NIST Frameworks Hub What Is Included from clarifying scope and applicability with cited answers to a reusable workflow inside Sorena. Teams working on NIST Frameworks Hub can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

Research workflow
Open Research Copilot for NIST Frameworks Hub What Is Included

Start from NIST Frameworks Hub What Is Included and answer scope, timing, and interpretation questions with cited outputs.

Explore next step
Talk to Sorena
Talk through NIST Frameworks Hub

Review your current process, evidence gaps, and next steps for NIST Frameworks Hub What Is Included.

Explore next step
Primary sources

References and citations

NIST CSRC Publications
csrc.nist.gov
Referenced sections
  • Catalog of SP 800 publications and cybersecurity guidance.
NIST SP 800-61 Rev. 3
csrc.nist.gov
Referenced sections
  • Incident response recommendations and lifecycle guidance.
Related guides

Explore more topics

Choose the Right NIST Standard (CSF, RMF, 800-53, 800-61r3, 800-161r1, SSDF)
Decision guide to choose the right NIST framework or publication by objective: governance and communication (CSF), control baseline depth (SP 800-53).
NIST Frameworks Hub FAQ (CSF, SP 800, RMF, NIST vs ISO)
FAQ for choosing and implementing NIST frameworks: CSF 2.0, SP 800 publications, RMF context, control mappings, evidence cadence.
NIST vs ISO (Framework Mapping, Governance, and Evidence Reuse)
NIST vs ISO explained for practical implementation: outcomes-driven NIST frameworks vs certifiable ISO management systems.