Changes Between NIST CSF 1.0 to NIST CSF 1.1

Published On: June 13, 2018Categories: News

June 13th, 2018
Mike Edlund, VP Product Management

As part of the normal process of staying current with new frameworks and regulations our team at TrustMAPP analyzed the new NIST CSF 1.1 framework upon it’s release on April 18th, 2018 and have made available to customers the latest version of this framework.

Per the NIST press release: “This update refines, clarifies and enhances Version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the Internet of Things.”

(c) 2018 Secure Digital Solutions, LLC

Key changes to Categories / Subcategories in NIST CSF 1.1

  • 1 New Category (in the Identify Function area)
  • 10 New Subcategories (in the Identify/Protect/Respond Function areas)
  • 26 Subcategories Reworded from v1.0 — changes including:
  • Improved grammar
  • Added details
  • Removed extraneous words
  • Greater use of cyber security vs. information security
  • v1.0 is still compatible with v1.1 (all items in v1.0 are in v1.1)


For those who wish to begin to measure, manage and communicate their security performance aligning to business risk TrustMAPP is providing the capability to do so. With this latest version of NIST CSF customers can expand their measurement to more specifically address supply chain, gather further details on authentication and identity management while enabling more capability for self-assessment and assurance. To schedule a personalized introduction of TrustMAPP visit the appointment page.