 NIST Special Publication (SP) 1308 2pd, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide is now available for a second public comment period until January 7, 2026, at 11:59 PM (EST).
Background
NIST published the Initial Public Draft (IPD) of NIST SP 1308 on March 12, 2025. We thank everyone who submitted comments on the initial draft. Your thoughtful feedback prompted substantial revisions. In response, we have published a second public draft to give stakeholders an opportunity to review and provide input before NIST finalizes the document.
About the Quick-Start Guide
This Quick-Start Guide draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and to plan and implement workforce decisions based upon risk reality and planned risk responses.
 |
|
This QSG draws on three key NIST resources to enable users to align their cybersecurity, ERM, and workforce management practices in a streamlined process:
|
This publication is the most recent within a portfolio of CSF 2.0 quick-start guides released since February 26, 2024. These resources offer tailored pathways for different audiences to engage with the CSF 2.0, making the Framework easier to implement. View all CSF 2.0 quick-start guides here.
Submit Your Comments
The comment period for NIST SP 1308 2pd is open through January 7, 2026, at 11:59 PM (EST). Email comments to: csf@nist.gov.
NIST Cybersecurity and Privacy Program
Questions/Comments about this notice: csf@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov
|
