As we continue our journey through the NIST Cybersecurity Framework v2.0, we address some of the most challenging elements of governing your Cybersecurity capability: Agreeing who is accountable; implementing security policies; and ensuring adequate oversight and assurance is in place.

Unlike the existing five functions of the NIST CSF, which have a logical process of identifying the risks; protecting assets; detecting and responding to cyberattacks; and then recovering to a normal steady state, the Govern function sits centrally to the framework. Govern sits at the core as it informs how the organisation will implement the other five functions, as shown in this illustration from the new framework draft document:

The NIST CSF is a living document, which must continue to reflect the ever-changing cybersecurity landscape. First published as v1.0 in 2014 and then updated with v1.1 in 2018, the decision has been made to provide a new major release to reflect the most significant update since its first publication.

The NIST Cybersecurity Framework: Defending the Digital Frontier and Beyond