NIST CSF 2.0: Running for Governor

Unlike the existing five functions of the NIST CSF, which have a logical process of identifying the risks; protecting assets; detecting and responding to cyberattacks; and then recovering to a normal steady state, the Govern function sits centrally to the framework. Govern sits at the core as it informs how the organisation will implement the other five functions, as shown in this illustration from the new framework draft document: