February 26, 2024
NIST CSF 1.1 vs 2.0 Public Draft vs 2.0 Official Release Circuit Board
The National Institute of Standards and Technology (NIST) officially released version 2.0 of their Cybersecurity Framework today. Here's what's changed.
As I noted in my previous article when the public draft of 2.0 was released in August 2023, there is a new function, "Govern".
What the NIST website doesn't communicate all that well is what's changed.
So, I updated my NIST CSF 1.1 to 2.0 circuit board to include considerations and changes in the official release (click on the following image for the high-resolution PDF version).
🏛 A new function, "Govern", has been added, recognizing (just like the SEC and many other regulators) that Cyber Governance is extremely important, and something that's been ignored for too long.
🆕 Added ID.RA-10: Critical suppliers are assessed prior to acquisition.
❌ Removed PR.DS-09: Data is managed throughout its life cycle, including destruction.
⬇ Shifted GV.SC: Cybersecurity Supply Chain Risk Management to be the last listed category in the Govern function.
✏ Edited definitions, mostly softening obligations placed on organizations.
Finally, we're happy to announce support for the official public release of NIST CSF 2.0 in CyberHQ® Enterprise. Because we've managed to do this within 12 hours of release, we believe we're the first platform globally to support it in a software platform.