Who: The National Institute of Standards and Technology (NIST) released Cybersecurity Framework 2.0.
What: NIST's new framework expands beyond critical infrastructure to address organizations broadly. It introduces the "Govern" (GV) function, focusing on the organization's cybersecurity risk management strategy, expectations, and policy. This function informs how an organization achieves and prioritizes outcomes in the context of its mission and stakeholder expectations. Governance activities play a crucial role in incorporating cybersecurity into the organization's broader enterprise risk management (ERM) strategy, covering aspects such as organizational context, cybersecurity strategy, and supply chain risk management.
Impact: The release aims to make the framework more relevant to a wider user base in the U.S. and globally. It includes a reference tool, a searchable catalog, and a range of references to assist organizations of varying sizes and sophistication levels in implementing the framework. The addition of the "Govern" function enhances the focus on cybersecurity risk management strategy and governance, aligning with broader enterprise risk management objectives.