Youattest Logo

YouAttest and NIST Cybersecurity Framework 2.0 Govern (GV)

NIST (U.S. National Institute of Standards and Technology) has finalized its very important framework for cybersecurity – named NIST CSF 2.0.    NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks.

Image #1: The GOVERN (GV) Function is a key, unifying component of the NIST CSF 2.0 Framework

NIST CSF 2.0 introduces a new “Govern” function.   The “Govern”, GV function belies the key role of governance in cybersecurity risk management.  The Govern function is there to unite the other 5 categories and to ensure there is accountability that these other functions are executed – and to provide transparency in practices and procedures. NIST 2.0 emphasizes that cybersecurity is a key part of the acknowledgement and control of enterprise risk.

NIST CSF 2.0 Govern (GV) and YouAttest

GOVERN (GV): The organization’s cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored 

  • Organizational context (GV.OC): the circumstances—mission, stakeholder expectations, legal, regulatory, and contractual requirements—surrounding the organization’s cybersecurity risk management decisions are understood.

YouAttest:   YouAttest provides the legal “due care” around identity permission and roles around sensitive information (PHI, PII, CUI) to address cybersecurity risk. 

  • Risk management strategy (GV.RM): the organization’s priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions.

YouAttest:   Has created a new AI-based risk score on the identity store to help enterprises quantify  their risk tolerance for identities.

  • Roles, responsibilities, and authorities (GV.RR): cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated.

YouAttest:   The key value of YouAttest is to help enterprises inspect and to account for the rights and privileges of users and accounts through role attestation.

  • Policies (GV.PO): organizational cybersecurity policies, processes, and procedures are established, communicated, and enforced.

YouAttest:     Enforces the enterprise policies and reviewing and enforcing the process of least privilege on enterprise accounts.

  • Oversight (GV.OV): results of organization-wide cybersecurity risk management activities and performance are used to inform, improve, and adjust the risk management strategy.

YouAttest:     YouAttest becomes part of the enterprise risk management strategy – given that 60%+ of hacks start with credential accounts.

  • Cybersecurity supply chain risk management (GV.RM): cyber supply chain risk management processes are identified, established, managed, monitored, and improved by organizational stakeholders.

YouAttest:     YouAttest can be (and is) utilized by enterprises to confirm the rights and privileges of supply chain accounts with access to enterprise resources.

YouAttest for Identity Security and Risk Management

YouAttest is an automated user access review tool that helps organizations analyze and monitor user access policies. It allows businesses to quickly identify any potential security threats or anomalies and verify user identities and credentials. With this powerful tool, companies can trust that they are always in compliance with security regulations and standards, including NIST CSF 2.0 Governance principle around their identities.

Contact us today to learn more about how YouAttest can address your identity governance and risk management needs for NIST CSF 2.0 adherence and other guidelines.