
NIST Cybersecurity Framework 2.0 Quick-Start Guide for Organizations


Summary

NIST published a Quick-Start Guide (SP 1308, Final) providing organizations with practical guidance for implementing the Cybersecurity Framework 2.0. The guide integrates concepts from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and make workforce decisions based on risk reality. It applies at both the organization level (managing risks of multiple systems) and the enterprise level (senior leader risk responsibilities).

Published by NIST on csrc.nist.gov. Detected, standardized, and enriched by GovPing.

What changed

NIST released a final Quick-Start Guide (SP 1308) for Cybersecurity Framework 2.0 implementation, targeting organizations and enterprise-level senior leaders. The guide addresses three interconnected domains: cybersecurity risk management, enterprise risk management, and workforce management. It emphasizes agile, continuous workforce adaptation to address emerging threats and technologies.

Organizations seeking to improve their cybersecurity risk communication or align workforce decisions with risk-based planning should review this guide as a practical implementation resource. The guide supplements the core CSF 2.0 framework rather than creating new compliance requirements.

Archived snapshot

Apr 20, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.


NIST SP 1308

NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide

Date Published: March 2026

Author(s)

National Institute of Standards and Technology

Abstract

This Quick-Start Guide (QSG) draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and to plan and implement workforce decisions based upon risk reality and planned risk responses. The scope of this QSG will vary depending on the user, but generally applies at the organization level, where cybersecurity risks of multiple systems are managed, and at the enterprise level, where senior leaders take on unique risk management responsibilities spanning multiple organizations. This QSG addresses the need for agile, continuous workforce adaptation to rapidly evolve for emerging threats and technologies.

Keywords

NIST Cybersecurity Framework (CSF) 2.0; enterprise risk management; workforce development; NICE Framework.

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.SP.1308

Supplemental Material:
CSF 2.0 QSGs

Document History:
03/23/26: SP 1308 (Final)

About this page

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from NIST.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Classification

Agency: NIST
Published: March 23rd, 2026
Instrument: Guidance
Branch: Executive
Legal weight: Non-binding
Stage: Final
Change scope: Minor
Document ID: NIST SP 1308

Who this affects

Applies to: Technology companies; Government agencies; Healthcare providers
Industry sector: 5112 Software & Technology
Activity scope: Cybersecurity risk management; Enterprise risk management; Workforce planning
Geographic scope: United States (US)

Taxonomy

Primary area: Cybersecurity
Operational domain: Compliance
Compliance frameworks: NIST CSF
Topics: Data Privacy; Risk Management; Employment & Labor
