---
title: "What Is Included in the NIST Frameworks Hub (CSF, RMF, SP 800)"
canonical_url: "https://www.sorena.io/artifacts/global/nist-frameworks-hub/what-is-included"
source_url: "https://www.sorena.io/artifacts/global/nist-frameworks-hub/what-is-included"
author: "Sorena AI"
description: "Coverage map for key NIST frameworks and publications: NIST CSF 2.0, RMF, SP 800-53, SP 800-61r3, SP 800-161r1, SP 800-218 SSDF."
published_at: "2026-03-04"
updated_at: "2026-03-04"
keywords:
  - "NIST frameworks what is included"
  - "NIST CSF 2.0 coverage"
  - "NIST RMF overview"
  - "NIST SP 800-53 rev 5"
  - "NIST SP 800-61 rev 3"
  - "NIST SP 800-161 rev 1"
  - "NIST SP 800-218 SSDF"
  - "NIST cybersecurity guidance map"
  - "NIST framework implementation bundle"
  - "GLOBAL compliance"
  - "NIST frameworks"
  - "SP 800 series"
  - "Coverage"
  - "Implementation"
---
**[SORENA](https://www.sorena.io/)** - AI-Powered GRC Platform

[Home](https://www.sorena.io/) | [Solutions](https://www.sorena.io/solutions) | [Artifacts](https://www.sorena.io/artifacts) | [About Us](https://www.sorena.io/about-us) | [Contact](https://www.sorena.io/contact) | [Portal](https://app.sorena.io)

---

# What Is Included in the NIST Frameworks Hub (CSF, RMF, SP 800)

Coverage map for key NIST frameworks and publications: NIST CSF 2.0, RMF, SP 800-53, SP 800-61r3, SP 800-161r1, SP 800-218 SSDF.

*Coverage* *GLOBAL*

## NIST Frameworks Hub What Is Included

Coverage map of NIST frameworks and publications by use case.

Use this to pick the right NIST guidance and build an evidence-first implementation plan.

This hub covers the NIST layers most organizations combine in practice: CSF 2.0 for outcomes and communication, RMF for system lifecycle and authorization context, SP 800-53 Rev. 5 Update 1 for controls, SP 800-61 Rev. 3 for incident response, SP 800-161 Rev. 1 Update 1 for supply-chain risk, and SP 800-218 SSDF v1.1 for secure software development.

## Coverage map: what each NIST artifact is best used for

Start with the decision problem. Different NIST artifacts are optimized for different layers of governance and implementation. This is why a good NIST program usually uses a stack, not a single document.

The hub focuses on the artifacts that are most reusable for enterprise cybersecurity programs and assurance work.

- CSF 2.0: cybersecurity outcomes, profiles, tiers, and risk communication
- RMF: categorize, select, implement, assess, authorize, and monitor context
- SP 800-53 Rev. 5 Update 1: controls and assessment depth
- SP 800-61 Rev. 3: incident response lifecycle
- SP 800-161 Rev. 1 Update 1: cybersecurity supply chain risk management
- SP 800-218 SSDF v1.1: secure software development practices

## Recommended NIST stack patterns

Most programs benefit from a repeatable stack: one artifact for communication, one for depth, and one shared evidence model. The right stack depends on the immediate risk pressure and the type of program being built.

Use the patterns below as practical defaults, then tailor by scope and assurance demands.

- Enterprise governance stack: CSF 2.0 plus targeted SP 800 depth publications
- System-centric stack: RMF plus SP 800-53 assessment and monitoring depth
- Software stack: CSF 2.0 plus SSDF v1.1 and release evidence
- Supplier stack: CSF 2.0 plus SP 800-161 contract, due-diligence, and monitoring depth
- Operational resilience stack: CSF 2.0 plus SP 800-61r3 incident metrics and improvement loops

## Evidence that should travel across the whole stack

NIST adoption becomes manageable when evidence is collected once and reused across the stack. The same evidence should support governance, technical assurance, and customer or audit questions.

The essential discipline is explicit ownership, refresh cadence, and linkage to the specific NIST layer it supports.

- Scope, inventories, owners, and publication-version assumptions
- Risk records, profile gaps, action plans, and approvals
- Control, incident, supplier, and software-development evidence
- Assessment, monitoring, and corrective-action closure records

*Recommended next step*

*Placement: after the scope or definition section*

## Use NIST Frameworks Hub What Is Included as a cited research workflow

Research Copilot can take NIST Frameworks Hub What Is Included from clarifying scope and applicability with cited answers to a reusable workflow inside Sorena. Teams working on NIST Frameworks Hub can keep owners, evidence, and next steps aligned without copying this guide into separate documents.

- [Open Research Copilot for NIST Frameworks Hub What Is Included](/solutions/research-copilot.md): Start from NIST Frameworks Hub What Is Included and answer scope, timing, and interpretation questions with cited outputs.
- [Talk through NIST Frameworks Hub](/contact.md): Review your current process, evidence gaps, and next steps for NIST Frameworks Hub What Is Included.

## Primary sources

- [NIST Cybersecurity Framework Resource Center](https://www.nist.gov/cyberframework?ref=sorena.io) - Primary source for CSF 2.0 and supplemental resources.
- [NIST CSRC Publications](https://csrc.nist.gov/publications?ref=sorena.io) - Catalog of SP 800 publications and cybersecurity guidance.
- [NIST SP 800-53 Rev. 5 (Update 1)](https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final?ref=sorena.io) - Security and privacy controls baseline details.
- [NIST SP 800-61 Rev. 3](https://csrc.nist.gov/pubs/sp/800/61/r3/final?ref=sorena.io) - Incident response recommendations and lifecycle guidance.
- [NIST SP 800-161 Rev. 1](https://csrc.nist.gov/pubs/sp/800/161/r1/final?ref=sorena.io) - Cybersecurity supply-chain risk management practices.
- [NIST SP 800-218 (SSDF)](https://csrc.nist.gov/pubs/sp/800/218/final?ref=sorena.io) - Secure software development framework practices.

## Related Topic Guides

- [Choose the Right NIST Standard (CSF, RMF, 800-53, 800-61r3, 800-161r1, SSDF)](/artifacts/global/nist-frameworks-hub/choose-the-right-nist-standard.md): Decision guide to choose the right NIST framework or publication by objective: governance and communication (CSF), control baseline depth (SP 800-53).
- [NIST Frameworks Hub FAQ (CSF, SP 800, RMF, NIST vs ISO)](/artifacts/global/nist-frameworks-hub/faq.md): FAQ for choosing and implementing NIST frameworks: CSF 2.0, SP 800 publications, RMF context, control mappings, evidence cadence.
- [NIST vs ISO (Framework Mapping, Governance, and Evidence Reuse)](/artifacts/global/nist-frameworks-hub/nist-vs-iso.md): NIST vs ISO explained for practical implementation: outcomes-driven NIST frameworks vs certifiable ISO management systems.


---

[Privacy Policy](https://www.sorena.io/privacy) | [Terms of Use](https://www.sorena.io/terms-of-use) | [DMCA](https://www.sorena.io/dmca) | [About Us](https://www.sorena.io/about-us)

(c) 2026 Sorena AB (559573-7338). All rights reserved.

Source: https://www.sorena.io/artifacts/global/nist-frameworks-hub/what-is-included