**Govern function:** Elevates governance and supply chain risk to a top-level function, reflecting that cybersecurity requires board-level engagement and extends through the supply chain. - **Supply chain risk management (GV.SC):** Strengthened subcategory with expanded guidance on third-party risk