The National Institute of Standards and Technology (NIST) officially released version 2.0 of their Cybersecurity Framework today.
As I noted in my previous article when the public draft of 2.0 was released in August 2023, there is a new function, "Govern".
What the NIST website doesn't communicate all that well, is what's changed.
So, I updated my NIST CSF 1.1 to 2.0 circuit board to include considerations and changes in the official release (click on the following image for the high resolution PDF version).
In summary:1.1 ▶ 2.0 Public Draft
🏛 A new function, "Govern", has been added, recognizing (just like the SEC and many other regulators) that Cyber Governance is extremely important, and something that's been ignored for too long.
2.0 Public Draft ▶ 2.0 Official Release
🆕 Added ID.RA-10: Critical suppliers are assessed prior to acquisition.
❌ Removed PR.DS-09: Data is managed throughout its life cycle, including destruction.
⬇ Shifted GV.SC: Cybersecurity Supply Chain Risk Management to be the last listed category in the Govern function.
✏ Edited definitions, mostly softening obligations placed on organizations.
Support for NIST CSF 2.0 in CyberHQ®
Finally, we're happy to announce support for the official public release of NIST CSF 2.0 in CyberHQ® Enterprise. Because we've managed to do this within 12 hours of release, we believe we're the first platform globally to support it in a software platform.
