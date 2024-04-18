First is the introduction of the “Govern” function, which underpins all five functions of the original NIST framework: Identify, Protect, Detect, Respond and Recover. As noted by the original CSF 1.0 documentation, “these functions are not intended to form a serial path or lead to a static desired end state. Rather, the functions can be performed concurrently and continuously to form an operational culture that addresses the dynamic security risk.”

As a result, the functions are often depicted as a five-part circle that surrounds the center CST framework. Each function leads into the next, and no function is independent of another.

NIST CSF 2.0 keeps these functions but adds Govern as a complete inner ring located under the five outer functions. Govern focuses on ensuring that the other functions align with business needs, are regularly measured by operations teams and are managed by security executives.

In other words, Govern looks to bring leadership into the security conversation. While this is already happening in most businesses, CSF 2.0 makes it a priority.