NIST CSF 1.1 vs 2.0 Public Draft vs 2.0 Official Release Circuit Board

February 26, 2024

The National Institute of Standards and Technology (NIST) officially released version 2.0 of their Cybersecurity Framework today.

As I noted in my previous article when the public draft of 2.0 was released in August 2023, there is a new function, "Govern".

What the NIST website doesn't communicate all that well, is what's changed.

So, I updated my NIST CSF 1.1 to 2.0 circuit board to include considerations and changes in the official release (click on the following image for the high resolution PDF version).

NIST CSF 1.1 to 2.0 circuit board -updated 26 February 2024

In summary:1.1 ▶ 2.0 Public Draft

🏛 A new function, "Govern", has been added, recognizing (just like the SEC and many other regulators) that Cyber Governance is extremely important, and something that's been ignored for too long.

2.0 Public Draft ▶ 2.0 Official Release

🆕 Added ID.RA-10: Critical suppliers are assessed prior to acquisition.

❌ Removed PR.DS-09: Data is managed throughout its life cycle, including destruction.

⬇ Shifted GV.SC: Cybersecurity Supply Chain Risk Management to be the last listed category in the Govern function.

✏ Edited definitions, mostly softening obligations placed on organizations.

Support for NIST CSF 2.0 in CyberHQ®

Finally, we're happy to announce support for the official public release of NIST CSF 2.0 in CyberHQ® Enterprise. Because we've managed to do this within 12 hours of release, we believe we're the first platform globally to support it in a software platform.

Ian Yip

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.