NIST has released two new NIST Cybersecurity Framework (CSF) 2.0 quick-start guides (QSG), adding to an expanding portfolio of implementation resources that offer tailored pathways for different audiences to engage with CSF 2.0.![]()
![]()
Integrating Cybersecurity, Enterprise Risk Management, and Workforce Management
The final version of NIST Special Publication (SP) 1308, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide is now available. The CSF 2.0 team thanks all who contributed during the two public comment periods.
This document draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks, plan workforce decisions, and implement risk-informed responses.
Seeking Comments: Using Informative References to Support Cybersecurity Risk Management
The Initial Public Draft of SP 1347, NIST Cybersecurity Framework 2.0: Informative References Quick‑Start Guide, explains what informative references are and how they support achieving the outcomes of the CSF 2.0. The guide also introduces readers to NIST tools available for accessing, viewing, and using informative references for cybersecurity risk management, including direct download, the CSF 2.0 Reference Tool, and the Online Informative References Program. The draft contains two sample use cases and provides an overview of how artificial intelligence tools can support reference data use.
SP 1347 is available for a 45‑day public comment period, closing May 6, 2026, at 11:59 PM (EST). Email comments to [email protected].
