{"id":2609,"date":"2024-02-27T00:08:38","date_gmt":"2024-02-27T00:08:38","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=79467"},"modified":"2024-02-27T00:08:38","modified_gmt":"2024-02-27T00:08:38","slug":"updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/02\/27\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management\/","title":{"rendered":"Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management | FedScoop<\/title> <meta name=\"description\" content=\"10 years after the agency\u2019s first cybersecurity framework, version 2.0 includes \u201cgovern\u201d as a core function to set the tone for implementation and oversight of cyber strategies. 
10 years after the agency\u2019s first cybersecurity framework, version 2.0 includes \u201cgovern\u201d as a core function to set the tone for implementation and oversight of cyber strategies.\"> <link rel=\"canonical\" href=\"https:\/\/fedscoop.com\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management\"> <meta property=\"og:description\" content=\"10 years after the agency\u2019s first cybersecurity framework, version 2.0 includes \u201cgovern\u201d as a core function to set the tone for implementation and oversight of cyber strategies.\"> <meta property=\"og:url\" content=\"https:\/\/fedscoop.com\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management\/\"> <meta property=\"og:site_name\" content=\"FedScoop\"> <meta property=\"article:published_time\" content=\"2024-02-27T00:04:49+00:00\"> <meta property=\"article:modified_time\" content=\"2024-02-27T00:04:50+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1080\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"cnihill\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <!-- \/ Yoast SEO Premium plugin. 
--> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Feed\" href=\"https:\/\/fedscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Comments Feed\" href=\"https:\/\/fedscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/fedscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1706643139g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/fedscoop.com\/_static\/??\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css,\/wp-content\/plugins\/embedpress\/Gutenberg\/dist\/blocks.style.build.css?m=1708982929\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/fedscoop.com\/_static\/??\/wp-content\/plugins\/embedpress\/assets\/css\/embedpress.css,\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1708982930\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=17ca7a1ec36db7d13744\" media=\"all\">\n<link rel=\"stylesheet\" id=\"all-css-10\" href=\"https:\/\/fedscoop.com\/_static\/??\/wp-includes\/css\/dashicons.min.css,\/wp-content\/plugins\/embedpress\/assets\/css\/plyr.css?m=1708982929\" type=\"text\/css\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/fedscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/fedscoop.com\/wp-json\/wp\/v2\/posts\/76211\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/fedscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.3\">\n<link rel=\"shortlink\" href=\"https:\/\/fedscoop.com\/?p=76211\">\n<link rel=\"alternate\" 
type=\"application\/json+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Fupdated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Fupdated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-76211 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/fedscoop.com\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" 
aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.402366863905\">\n<div class=\"single-article__header-content\" readability=\"31.894736842105\">\n<p> 10 years after the agency\u2019s first cybersecurity framework, version 2.0 includes \u201cgovern\u201d as a core function to set the tone for implementation and oversight of cyber strategies. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management.jpg?resize=640%2C360&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"cybersecurity\" decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg?resize=768,432 768w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-2.jpg?resize=1500,843 1500w\" sizes=\"auto, (max-width: 1200px) 100vw, 1200px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"35.954040252328\"><body readability=\"75.212475633528\"><\/p>\n<p>A decade after releasing its landmark national cybersecurity framework, the National Institute of Standards and Technology on Monday released <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/CSWP\/NIST.CSWP.29.pdf\">version 2.0<\/a>, an updated document that emphasizes governance and supply chain issues for both public and private sector entities.&nbsp;<\/p>\n<p>The new guidance, which outlines \u201chigh-level cybersecurity outcomes that can be used by any organization \u2026 to better understand, assess, prioritize and communicate its cybersecurity efforts,\u201d adds a sixth core function \u2014 \u201cgovern\u201d \u2014 to the previously stated pillars: \u201cidentify,\u201d \u201cprotect,\u201d \u201cdetect,\u201d \u201crespond,\u201d and 
\u201crecover.\u201d&nbsp;<\/p>\n<p>\u201cGovern\u201d focuses on how an organization\u2019s \u201ccybersecurity risk management strategy, expectations and policy are established, communicated and monitored,\u201d the framework stated, and is intended to address the implementation and oversight of a cybersecurity strategy.&nbsp;<\/p>\n<p>\u201c\u2018Govern\u2019 really represents the fact that we have to bring this into the boardroom for discussion,\u201d Laurie Locascio, director of NIST and under secretary of Commerce for Standards and Technology, said during an <a href=\"https:\/\/www.aspendigital.org\/event\/cybersecurity-framework\/\">Aspen Digital event<\/a> Monday. \u201cThat took a lot of discussion really across all the stakeholders, because it is a big change\u201d going from five core functions to six in the framework.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Locascio noted that 10 years ago, before NIST\u2019s initial CSF was launched, there was discussion about the elements of \u201cgovern,\u201d but agency leaders \u201creally weren\u2019t ready yet to incorporate it.\u201d But it was a priority for the latest iteration of the framework, especially the focus on the supply chain, which is listed underneath the \u201cgovern\u201d pillar.<\/p>\n<p>The document\u2019s spotlight on supply chain risks covers how various types of technologies rely on a complex ecosystem for outsourcing, which involves geographically diverse routes for both private and public sector organizations that offer a variety of services. 
In the updated CSF, NIST points to <a href=\"https:\/\/csrc.nist.gov\/pubs\/sp\/800\/161\/r1\/final\">Cybersecurity Supply Chain Risk Management<\/a> (C-SCRM) as a systematic process to manage exposure to cybersecurity risks by developing appropriate \u201cstrategies, policies, processes and procedures.\u201d<\/p>\n<p>Along with the overall framework, NIST released the <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.1299.pdf\">CSF\u2019s Quick Start Guides<\/a> (QSG) with implementation examples that allow entities to \u201cview and download notional examples of concise, action-oriented steps to help achieve the outcomes of the CSF 2.0 subcategories in addition to the guidance provided in the informative references.\u201d<\/p>\n<p>In creating the new framework, Locascio said NIST fielded comments from stakeholders regarding the draft <a href=\"https:\/\/www.nist.gov\/cyberframework\/csf-20-draft-comments-received\">CSF document<\/a>, but was not able to accept every single comment.&nbsp;<\/p>\n<p>\u201cYou come to a consensus, you have a larger discussion, but every single conversation, I think, led to a better place,\u201d Locascio said. \u201cWhen we didn\u2019t accept something verbatim \u2026 there was a reason and we talked through it together. 
I think that also engenders trust because we were very transparent about the process, very openly engaged and really valued your feedback.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.4\">\n<div class=\"author-card\" readability=\"7\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management-1.jpg?w=640&#038;ssl=1\" alt=\"Caroline Nihill\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Caroline Nihill<\/h4>\n<p> Caroline Nihill is a Scoop News Group editorial fellow. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 
class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Acquisition<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to FedScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/fedscoop.com\/updated-nist-cybersecurity-framework-adds-core-function-focuses-on-supply-chain-risk-management\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Updated NIST cybersecurity framework adds core function, focuses on supply<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78],"tags":[86],"class_list":["post-2609","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category 
tag\">Cybersecurity<\/a>","tag_info":"Cybersecurity","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2609","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2609"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2609\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2609"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2609"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2609"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}