Sure, I hope the below clarify these points for you:

1. Control Objectives and Risk Statements: When you install the NIST CSF Use Case Accelerator plugin, you do get pre-configured control objectives and risk statements that align with the NIST Cybersecurity Framework (CSF). These objectives and statements are based on the latest version of the NIST CSF at the time of the plugin's release.

If NIST updates the framework, ServiceNow typically updates the plugin to reflect these changes, so you would need to update the plugin to get the latest control objectives and risk statements.

1. Workflows Enabled: Installing the NIST CSF Use Case Accelerator plugin enables several workflows within the ServiceNow Governance, Risk, and Compliance (GRC) applications. These include:
• Policy and Compliance Management: Helps in defining and managing policies and compliance requirements.
• Risk Management: Facilitates the identification, assessment, and mitigation of risks.
• Audit Management: Supports the planning, execution, and reporting of audits.
• Framework Core and Profiling: Provides structured ways to define and execute risk and cybersecurity management actions in accordance with the NIST CSF.

If you have any more questions or need further clarification, feel free to ask.