Update (26 February 2024): NIST CSF 2.0 has officially been released. Here is our more recent article and updated circuit board.
The National Institute of Standards and Technology (NIST) released the public draft of the NIST CSF 2.0 last week.
Many have noticed there's a brand new function: Govern.
I like to understand things in depth. So, I've drawn lines between all the subcategories to help articulate visually what the changes between 1.1 and 2.0 look like.
I call it my NIST CSF 1.1 vs 2.0 Circuit Board.
The message is clear: "Govern" is big.
Between NIST CSF 2.0 and the U.S. Securities and Exchange Commission's (SEC) new Cyber Risk Management Rules, it's clear that the authorities want organizations to prove at senior levels that cybersecurity is being governed properly.
From an Avertro standpoint, we have to thank NIST and the SEC. They've made our pitch for CyberHQ a lot shorter.
At the Black Hat conference in Las Vegas last week, I found myself using these new one-liners a lot:
- You know the new NIST 2.0 standard that will be coming out soon? There's a whole new 'Govern' section. CyberHQ does all that.
- CyberHQ significantly helps organizations meet the new SEC rules for cybersecurity management.
Stay tuned for more updates as we get closer to the final version of NIST CSF 2.0 for more analysis.
