NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide

Date Published: November 24, 2025
Comments Due: January 7, 2026
Email Comments to: [email protected]

Author(s)

National Institute of Standards and Technology

Announcement

NIST published the Initial Public Draft (IPD) of NIST SP 1308 on March 12, 2025. We thank everyone who submitted comments on the initial draft. Your thoughtful feedback prompted substantial revisions. In response, we have published a second public draft to give stakeholders an opportunity to review and provide input before NIST finalizes the document. 

About the Quick Start Guide

This Quick-Start Guide draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and to plan and implement workforce decisions based upon risk reality and planned risk responses.

This QSG draws on three key NIST resources to enable users to align their cybersecurity, ERM, and workforce management practices in a streamlined process:

• The Cybersecurity Framework (CSF) 2.0
• The Workforce Framework for Cybersecurity (NICE Framework)
• The NIST IR 8286 series, Integrating Cybersecurity and Enterprise Risk Management (ERM)

This publication is the most recent within a portfolio of CSF 2.0 quick-start guides released since February 26, 2024. These resources offer tailored pathways for different audiences to engage with the CSF 2.0, making the Framework easier to implement. View all CSF 2.0 quick-start guides.

Submit Your Comments

The comment period is open through January 7, 2026, at 11:59 PM (EST). Email comments to [email protected].

Control Families

None selected