Augusta Plan 2.0: An Alternative Approach For International Cyber Security Risk Management

The Augusta Plan V2.0 extends the Augusta Plan V1.0 by accounting for the cyber and information security regulations already in place in the US to deliver Cyber Supply Chain Risk Management (C-SCRM). C-SCRM is one of the problems that the Federal Information Security Management Act (FISMA), passed by Congress in 2002 and superseded in 2014 by the Federal Information Security Modernization Act, aims to address. FISMA requires Federal agencies and their contractors to adopt the Risk Management Framework (RMF, NIST SP 800-37 Rev. 2), to develop C-SCRM policy, and to apply risk management practices that align with both FISMA and Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource.

OMB Circular A-130 establishes general policy for the planning, budgeting, governance, acquisition, and management of Federal information, personnel, equipment, funds, IT resources, and supporting infrastructure and services, and it requires Federal agencies to comply with FISMA. As an example, the DoD is working towards meeting this requirement through the adoption of DoDI 8510.01 (Risk Management Framework (RMF) for DoD Information Technology (IT)) and DoDI 5000.90 (Cybersecurity for Acquisition Decision Authorities and Program Managers).

Augusta Plan 2.0 therefore builds on the existing OMB A-130 and FISMA regulations. It sets out a program for Federal agencies and their contractors to adopt the cyber risk management practices defined in NIST SP 800-37 Rev. 2, maintaining existing regulated US Federal Government cybersecurity compliance while providing an economically viable route for small businesses to deploy cybersecurity, and one that can be applied across international supply chains, including those the US Department of Defense relies upon to deliver weapon systems.