Changeflow GovPing Data Privacy & Cybersecurity NIST Cybersecurity Framework 2.0 Informative Re...
Priority review Guidance Added Draft

NIST Cybersecurity Framework 2.0 Informative References Quick-Start Guide

Favicon for www.nist.gov NIST Cybersecurity Framework Updates
Published March 23rd, 2026
Detected March 24th, 2026
Email

Summary

NIST has released an initial public draft of the SP 1347, 'NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide.' This document explains informative references and their role in achieving CSF 2.0 outcomes, introducing NIST tools for managing them and exploring AI's support for reference data.

View original document View source feed page

What changed

NIST has issued an initial public draft of SP 1347, the 'NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide.' This document aims to clarify the concept of informative references within the CSF 2.0, detailing how they link elements of different source documents and support cybersecurity risk management. It introduces NIST's tools for accessing and utilizing these references, including direct downloads, the CSF 2.0 Reference Tool, and the Online Informative References Program, and includes sample use cases and an overview of how AI can assist with reference data.

Organizations utilizing the NIST CSF 2.0 should review this draft guide to understand how informative references can enhance their cybersecurity risk management efforts. The document is open for public comment until May 6, 2026, and feedback can be submitted via email to [email protected] While this is a draft guidance document and not immediately binding, its content will inform the final version of the CSF 2.0 and related resources, impacting how organizations map and leverage external cybersecurity information.

What to do next

  1. Review the draft SP 1347 for understanding of informative references in CSF 2.0
  2. Submit comments on the draft guide by May 6, 2026

Source document (simplified)

Official websites use .gov
A .gov website belongs to an official government
organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to
the .gov website. Share sensitive information only on official,
secure websites.

Information Technology Laboratory Computer Security Resource Center

  1. Publications

NIST SP 1347 (Initial Public Draft)

NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide

Documentation Topics

Date Published: March 23, 2026
Comments Due: May 6, 2026
Email Comments to: [email protected]

Author(s)

National Institute of Standards and Technology

Announcement

The Initial Public Draft of SP 1347, NIST Cybersecurity Framework 2.0: Informative References Quick‑Start Guide, explains what informative references are and how they support achieving the outcomes of the NIST Cybersecurity Framework (CSF) 2.0. The guide also introduces readers to NIST tools available for accessing, viewing, and using informative references for cybersecurity risk management, including direct download, the CSF 2.0 Reference Tool, and the Online Informative References Program. The draft contains two sample use cases and provides an overview of how artificial intelligence tools can support reference data use.

Abstract

Informative References identify relationships between elements of different source documents **** and can be consumed in human- or machine-readable formats. For example, within the CSF 2.0, each informative reference indicates one or more parts of another document in which readers can find additional information on the topic (known as a crosswalk). This can be useful as organizations work toward achieving the outcomes of the CSF 2.0.  SP 1347, CSF 2.0 Informative References Quick‑Start Guide, explains what informative references are and how they support achieving the outcomes of the CSF 2.0. The guide also introduces readers to NIST tools available for accessing, viewing, and using informative references for cybersecurity risk management, including direct download, the CSF 2.0 Reference Tool, and the Online Informative References Program. The draft contains two sample use cases and provides an overview of how artificial intelligence tools can support reference data use.

Informative References identify relationships between elements of different source documents and can be consumed in human- or machine-readable formats. For example, within the CSF 2.0, each informative reference indicates one or more parts of another document in which readers can find additional... See full abstract

Keywords

NIST Cybersecurity Framework (CSF) 2.0; informative references; mappings; reference data; datasets

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.1347.ipd
Download URL

Supplemental Material:
CSF 2.0 QSGs

Document History:
03/23/26: SP 1347 (Draft)

Topics

Security and Privacy risk management

Applications cybersecurity framework

Activities and Products quick-start guides, reference materials

Named provisions

NIST Cybersecurity Framework 2.0: Informative References Quick-Start Guide

Related changes

Favicon for www.nist.gov NIST Cybersecurity Framework (CSF) 2.0 Anniversary and Updates
Routine Mar 13, 2026 NIST Cybersecurity Framework Updates Data Privacy & Cybersecurity
Favicon for www.nist.gov NIST Cybersecurity Framework 2.0 Profiles and Resources
Routine Mar 13, 2026 NIST Cybersecurity Framework Updates Data Privacy & Cybersecurity
Favicon for www.nist.gov NIST Cybersecurity Framework 2.0 Implementation Resources
Routine Mar 13, 2026 NIST Cybersecurity Framework Updates Data Privacy & Cybersecurity
Favicon for www.federalregister.gov FERC Order 918 Approves CIP-003-11 Cyber Security Standard
Priority review Mar 24, 2026 FR: Federal Energy Regulatory Commission Energy
Favicon for changeflow.com Patent EP4712413A1: Secure access for network identities
Routine Mar 24, 2026 ChangeBridge: EPO Bulletin - AI & Computing (G06N) Telecom & Technology
Favicon for www.justice.gov Russian Citizen Sentenced for Hacking US Companies
Urgent Mar 24, 2026 DOJ News Courts & Legal

Source

Favicon for www.nist.gov
NIST Cybersecurity Framework Updates nist.gov/cyberframework
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
NIST
Published
March 23rd, 2026
Comment period closes
May 6th, 2026 (43 days)
Instrument
Guidance
Legal weight
Non-binding
Stage
Draft
Change scope
Substantive
Document ID
NIST SP 1347

Who this affects

Applies to
Employers Technology companies
Industry sector
5112 Software & Technology 9211 Government & Public Administration
Activity scope
Cybersecurity Risk Management
Geographic scope
United States US

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Risk Management Artificial Intelligence

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 236 Consumer Protection 40 Courts & Legal 323 Data Privacy & Cybersecurity 64 Defense & National Security 48 Education 20 Energy 104 Environment 83 Government & Legislation 261 Healthcare 131 Housing 16 Immigration 9 Insurance 56 Labor & Employment 111 Legal & Courts 1 Pharma & Drug Safety 99 Securities & Markets 79 Tax 64 Telecom & Technology 47 Trade & Sanctions 124 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when NIST Cybersecurity Framework Updates publishes new changes.

Free. Unsubscribe anytime.