Routine Guidance Added Final

NIST Cybersecurity Framework 2.0 Quick-Start Guide Published

NIST Publications
Published March 23rd, 2026
Detected March 25th, 2026

Summary

NIST has published a Quick-Start Guide for its Cybersecurity Framework 2.0, focusing on integrating cybersecurity, enterprise risk management, and workforce management. The guide aims to help organizations improve communication about cybersecurity risks and align workforce decisions with risk realities.

What changed

NIST has released a new Quick-Start Guide (QSG) for its Cybersecurity Framework 2.0 (CSF 2.0). This guide, published on March 23, 2026, draws upon concepts from enterprise risk management, cybersecurity risk management, and workforce management to assist organizations in enhancing communication regarding cybersecurity risks and in planning workforce adaptations based on risk assessments and planned responses. It is intended for use at both the organization and enterprise levels, addressing the need for agile workforce adjustments to evolving threats and technologies.

Organizations can use this guide to better align their cybersecurity strategies with broader enterprise risk management objectives and to make informed decisions about their cybersecurity workforce. While the guide itself is non-binding, its adoption can lead to improved risk posture and more effective workforce planning. Compliance officers should review the guide to understand how it can inform their existing cybersecurity programs and workforce development initiatives.

What to do next

  1. Review the NIST Cybersecurity Framework 2.0 Quick-Start Guide.
  2. Assess current cybersecurity and workforce management practices against the guide's recommendations.
  3. Consider integrating enterprise risk management principles into cybersecurity planning.

Source document (simplified)


PUBLICATIONS

NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide

Published

March 23, 2026

Author(s)

Stephen Quinn, Daniel Eliot, Michael Prebil, Greg Witte, Matthew Smith

Abstract

This Quick-Start Guide (QSG) draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks and to plan and implement workforce decisions based upon risk reality and planned risk responses. The scope of this QSG will vary depending on the user, but generally applies at the organization level, where cybersecurity risks of multiple systems are managed, and at the enterprise level, where senior leaders take on unique risk management responsibilities spanning multiple organizations. This QSG addresses the need for agile, continuous workforce adaptation to rapidly evolve for emerging threats and technologies.

Citation

Special Publication (NIST SP) - 1308

Report Number

1308

NIST Pub Series

Special Publication (NIST SP)

Pub Type

NIST Pubs

Download Paper

https://doi.org/10.6028/NIST.SP.1308

Keywords

cybersecurity, enterprise risk management, cybersecurity workforce management, risk register, CSF 2.0, Cybersecurity Framework Profile

Cybersecurity and privacy

Citation

Quinn, S., Eliot, D., Prebil, M., Witte, G. and Smith, M. (2026), NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1308, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=961795 (Accessed March 24, 2026)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created March 23, 2026

Named provisions

Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
NIST
Published
March 23rd, 2026
Instrument
Guidance
Legal weight
Non-binding
Stage
Final
Change scope
Minor
Document ID
NIST SP 1308

Who this affects

Applies to
Employers, Technology companies
Industry sector
5112 Software & Technology; 9211 Government & Public Administration
Activity scope
Cybersecurity Risk Management Workforce Management
Geographic scope
United States US

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Enterprise Risk Management, Workforce Management
