Second Public Draft of CSF 2.0 Quick-Start Guide for Cybersecurity, ERM, and Workforce Management

NIST Special Publication (SP) 1308 2pd, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, is now available for a second public comment period until January 7, 2026, at 11:59 PM (EST). 

Background

NIST published the Initial Public Draft (IPD) of NIST SP 1308 on March 12, 2025. We thank everyone who submitted comments on the initial draft. Your thoughtful feedback prompted substantial revisions. In response, we have published a second public draft to give stakeholders an opportunity to review and provide input before NIST finalizes the document. 

About the Quick Start Guide

This Quick-Start Guide draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and to plan and implement workforce decisions based upon risk reality and planned risk responses.

This QSG draws on three key NIST resources to enable users to align their cybersecurity, ERM, and workforce management practices in a streamlined process:

• The Cybersecurity Framework (CSF) 2.0
• The Workforce Framework for Cybersecurity (NICE Framework)
• The NIST IR 8286 series, Integrating Cybersecurity and Enterprise Risk Management (ERM)

This publication is the most recent within a portfolio of CSF 2.0 quick start guides released since February 26, 2024. These resources offer tailored pathways for different audiences to engage with the CSF 2.0, making the Framework easier to implement. View all CSF 2.0 quick-start guides. 

Submit Your Comments

The comment period for NIST SP 1308 2pd is open through January 7, 2026, at 11:59 PM (EST). Email comments to: csf [at] nist.gov (csf[at]nist[dot]gov).