10 years after the agency’s first cybersecurity framework, version 2.0 includes “govern” as a core function to set the tone for implementation and oversight of cyber strategies.