GV.OC-05—Outcomes, capabilities, and services that the organization depends on are understood and communicated
>Control Description
This organizational context subcategory ensures that outcomes, capabilities, and services that the organization depends on are understood and communicated. Key activities include: Create an inventory of the organization’s dependencies on external resources (e; Identify and document external dependencies that are potential points of failure for the organization’s critical capabilities and services, and sha....
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkPCI DSS v4.0.1
via NIST OLIR CatalogISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
BCR-11
STA-01
STA-04
CRI Profile v2.0
GV.OC-05
GV.OC-05.01
GV.OC-05.02
GV.OC-05.03
GV.OC-05.04
CSF v1.1
ID.BE-1
ID.BE-4
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 5.3
NICE Framework
OG-WRL-002
OG-WRL-006
OG-WRL-007
OG-WRL-010
OG-WRL-014
PCI DSS
12.8.1
12.8.4
12.9.1
12.9.2
1.2.3
1.2.4
12.5.2
12.5.1
SCF
BCD-02
TPM-02
SP 800-171 Rev 3
03.11.04
03.16.03
03.17.02
SP 800-221A
GV.CT-5
MA.RI-1
SP 800-53 Rev 5.1.1
PM-11
PM-30
RA-07
SA-09
SR-05
SP 800-53 Rev 5.2.0
PM-11
PM-30
RA-07
SA-09
SR-05
SP-800-37 Rev 2
RMF Prepare Step (System Level): TASK P-8 Mission or Business Focus
RMF Prepare Step (System Level): TASK P-10 Asset Identification
Ask AI
Configure your API key to use AI features.