One of the major updates to CSF 2.0 is the creation of the Govern Function, highlighting the importance of ensuring cybersecurity capabilities support the broader mission through Enterprise Risk Management (ERM).

Governance is the process of determining enterprise objectives, setting direction to achieve those objectives, and monitoring performance to adjust strategy as necessary. Risk governance provides the transparency, responsibility, and accountability that enables managers to effectively manage risk (NIST IR 8286C).