The National Institute of Standards and Technology (NIST) has released a draft of NIST Special Publication (SP) 1308 2pd, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, and is inviting public comments until January 7, 2026.
SP 1308 integrates proven approaches from enterprise risk management (ERM), cybersecurity, and workforce management to help organizations better communicate cybersecurity threats and make informed decisions. By grounding workforce planning in actual risk assessments and response strategies, the framework enables more strategic decision-making.
The guide references three key NIST resources that allow users to align their cybersecurity, ERM, and workforce management practices through a unified approach:
This is the second public review period for the Quick-Start Guide. NIST published the Initial Public Draft in March 2025; feedback prompted substantial revisions that are reflected in this version.
Submit Comments
ANSI encourages all relevant stakeholders to review the draft and submit comments to [email protected]. Learn more in the NIST news item: Second Public Draft of CSF 2.0 Quick-Start Guide for Cybersecurity, ERM, and Workforce Management
