The U.S. NIST (National Institute of Standards and Technology) released two new NIST Cybersecurity Framework (CSF) 2.0 quick-start guides (QSG), adding to an expanding portfolio of implementation resources that offer tailored pathways for different audiences to engage with CSF 2.0. One document positions cybersecurity risk as a core component of enterprise risk management and integrates it with workforce planning to improve how organizations assess, communicate, and respond to threats, while the other explains what informative references are and how they support achieving the outcomes of CSF 2.0.
NIST published the final version of NIST Special Publication (SP) 1308, NIST Cybersecurity Framework 2.0: Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide, which draws on concepts and practices from enterprise risk management, cybersecurity risk management, and workforce management to help organizations improve communication about cybersecurity risks, plan workforce decisions, and implement risk-informed responses. Currently available, the document identifies that cybersecurity risks are one of many types of risk that all organizations…
