GV.OC-03—Legal, regulatory, and contractual requirements regarding cybersecurity — including privacy and civil liberties obligations — are understood and managed
>Control Description
This organizational context subcategory ensures that legal, regulatory, and contractual requirements regarding cybersecurity — including privacy and civil liberties obligations — are understood and managed. Key activities include: Determine a process to track and manage legal and regulatory requirements regarding protection of individuals’ information (e; Determine a process to track and manage contractual requirements for cybersecurity management of supplier, customer, and partner information; Align the organization’s cybersecurity strategy with legal, regulatory, and contractual requirements.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1
via NIST OLIR Catalog
ISO 27001:2022
via NIST OLIR Catalog
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
CEK-12
CEK-13
CEK-14
CEK-15
CEK-16
CEK-17
CEK-18
CEK-19
+12 more
CRI Profile v2.0
GV.OC-03
GV.OC-03.01
GV.OC-03.02
CSF v1.1
ID.GV-3
CoP
A1
D3
E2
E3
E4
E5
ISO/IEC 27001:2022
Mandatory Clause: 4.2(a)
Mandatory Clause: 4.2(b)
Annex A Controls: 5.20
Annex A Controls: 5.31
NICE Framework
OG-WRL-002
OG-WRL-006
OG-WRL-007
OG-WRL-008
OG-WRL-010
PCI DSS
12.8.2
12.8.4
12.8.5
12.8.1
12.9.1
12.9.2
3.2.1
9.4.6
+1 more
SCF
CPL-01
CPL-02
PRI-01
TPM-05
TPM-05.2
SP 800-171 Rev 3
03.15.01
SP 800-218
PO.1.1
PO.1.2
SP 800-53 Rev 5.1.1
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+14 more
SP 800-53 Rev 5.2.0
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+14 more
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (System Level): TASK P-15 Requirements Definition
RMF Prepare Step (System Level): TASK P-17 Requirements Allocation