NIST Releases Two New CSF 2.0 Quick-Start Guides
 NIST has released two new CSF 2.0 quick-start guides, adding to an expanding portfolio of available implementation resources offering tailored pathways for different audiences to engage with the CSF 2.0. The two new resources include:
Integrating Cybersecurity, Enterprise Risk Management, and Workforce Management
The final version of SP 1308, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide is now available. The CSF 2.0 team thanks all who contributed during the two public comment periods.
This document draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks, plan workforce decisions, and implement risk-informed responses.
Seeking Comments: Using Informative References to Support Cybersecurity Risk Management
The initial public draft of SP 1347, CSF 2.0 Informative References Quick‑Start Guide, explains what informative references are and how they support achieving the outcomes of the CSF 2.0. The guide also introduces readers to NIST tools available for accessing, viewing, and using informative references for cybersecurity risk management, including direct download, the CSF 2.0 Reference Tool, and the Online Informative References Program. The draft contains two sample use cases and provides an overview of how artificial intelligence tools can support reference data use.
SP 1347 is available for a 45‑day public comment period, closing May 6, 2026, at 11:59 PM (EDT). Email comments to csf@nist.gov.
View all CSF 2.0 quick-start guides here.
NIST Cybersecurity and Privacy Program
Questions and comments can be directed to: csf@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov
|
