Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

A decade after releasing its landmark national cybersecurity framework, the National Institute of Standards and Technology on Monday released version 2.0, an updated document that emphasizes governance and supply chain issues for both public and private sector entities. 

The new guidance, which outlines “high-level cybersecurity outcomes that can be used by any organization … to better understand, assess, prioritize and communicate its cybersecurity efforts,” adds a sixth core function — “govern” — to the previously stated pillars: “identify,” “protect,” “detect,” “respond,” and “recover.” 

“Govern” focuses on how an organization’s “cybersecurity risk management strategy, expectations and policy are established, communicated and monitored,” the framework stated, and is intended to address the implementation and oversight of a cybersecurity strategy. 

“‘Govern’ really represents the fact that we have to bring this into the boardroom for discussion,” Laurie Locascio, director of NIST and under secretary of Commerce for Standards and Technology, said during an Aspen Digital event Monday. “That took a lot…
