NIST issues quick‑start guide

NIST published a quick‑start guide (SP 1308) to align cybersecurity risk management with workforce strategy, pushing identity‑centric security and continuous access reviews as core practices. The guide stresses moving beyond perimeter thinking and integrating staff readiness into cyber risk planning. (cybersecuritynews.com)

NIST published the final Special Publication 1308, titled "NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick‑Start Guide," in March 2026 (nvlpubs.nist.gov). SP 1308 explicitly ties the CSF 2.0 to the NICE Workforce Framework and frames the document as a Quick‑Start Guide to help organizations map workforce roles and competencies to CSF outcomes (nvlpubs.nist.gov). NIST ran two public comment rounds for this QSG: the Initial Public Draft was posted March 12, 2025, and a second public draft was released November 24, 2025, with a public comment deadline of January 7, 2026 (csrc.nist.gov). The guide is scoped to the organization and enterprise levels and instructs that workforce and cyber risk decisions be iterated regularly, with provisions for rapid response when the threat landscape shifts (nvlpubs.nist.gov). SP 1308 presents explicit risk‑based workforce treatment options—listing hiring, upskilling, reorganization, or altering a risk treatment—tied to an organization’s stated risk appetite, budget, and mission objectives (nvlpubs.nist.gov). NIST announced SP 1308 as part of a CSF 2.0 toolkit update released in March 2026 and published the final QSG alongside an initial public draft of another CSF 2.0 Quick‑Start (SP 1347) for informative references.
