On February 26, 2024, the National Institute of Standards and Technology (NIST) published the NIST Special Publication (SP) 1301 NIST Cybersecurity Framework 2.0: Quick Start Guide for Creating and Using Organizational Profiles. In particular, the Quick Start Guide (QSG) aims to facilitate the use of the Cybersecurity Framework 2.0 (CSF) published on February 26, 2024.

More specifically, the QSG provides that an organizational profile describes an organization's current and/or target cybersecurity posture. Organizational profiles can be categorized as a current profile, which specifies how an organization may achieve its desired CSF outcomes, or a target profile, which considers anticipated changes to an organization's cybersecurity posture such as the adoption of new technology.

The QSG clarifies that the CSF presents a five-step process for creating and using organizational profiles, including:

• the scope of the organizational profile - reasons for creating the organizational profile;
• gathering the information needed - such as organization policies, risk management priorities, and other cybersecurity standards;
• creating the organizational profile - using the applicable CSF template with changes to suit organizations' needs;
• analyzing gaps and creating an action plan - a waiting list of pending improvements for the cybersecurity program; and
• implementing the action plan and updating the organizational profile - a combination of management and technical controls.

You can read the publishing information here, the QSG here, and the CSF 2.0 here.