NIST has released the initial public draft of Special Publication 1331, a quick-start guide aimed at helping organizations improve their management of emerging and emergent cybersecurity risks using the Cybersecurity Framework (CSF) 2.0. The draft emphasizes the importance of integrating CSF 2.0 with enterprise risk management (ERM) to proactively address threats both before and after they materialize. It distinguishes between the roles of CSF’s “Govern,” “Identify,” and “Protect” functions in anticipating risks, and the “Detect,” “Respond,” and “Recover” functions in managing them post-occurrence. Stakeholders are invited to submit feedback until September 21, 2025.

This guide is the latest in a growing series of CSF 2.0 quick-start resources launched since early 2024, designed to make the framework more accessible and actionable for a variety of audiences. The publication also seeks clarity on the definitions of “emerging risk” versus “emergent risk,” recognizing that these terms are often used interchangeably but may carry distinct meanings across organizations and communities. The draft aims to foster deeper alignment in risk terminology and approaches across the cybersecurity ecosystem.

‍

Source: https://industrialcyber.co/nist/nist-sp-1331-draft-guide-expands-csf-2-0-for-managing-emerging-and-emergent-cybersecurity-risks/