Under active development — Content is continuously updated and improved

GV.OV-01—Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction

>Control Description

This oversight subcategory ensures that cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction. Key activities include: Measure how well the risk management strategy and risk results have helped leaders make decisions and achieve organizational objectives; Examine whether cybersecurity risk strategies that impede operations or innovation should be adjusted.

>Cross-Framework Mappings

PCI DSS v4.0.1

via NIST OLIR Catalog

ISO 27001:2022

via NIST OLIR Catalog

SOC 2 TSC

SCF

>Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CRI Profile v2.0

GV.OV-01

GV.OV-01.01

GV.OV-01.02

GV.OV-01.03

CoP

E1

ISO/IEC 27001:2022

Mandatory Clause: 9.1

Annex A Controls: 5.1

Annex A Controls: 5.19

NICE Framework

OG-WRL-002

OG-WRL-007

OG-WRL-016

PCI DSS

12.3.1

12.10.6

12.10.2

12.4.2

12.4.2.1

10.7.1

10.7.2

SCF

GOV-05

GOV-03

SP 800-171 Rev 3

03.11.01

03.11.04

03.15.01

SP 800-221A

GV.AD-3

SP 800-53 Rev 5.1.1

AC-01

AT-01

AU-01

CA-01

CM-01

CP-01

IA-01

IR-01

+18 more

SP 800-53 Rev 5.2.0

AC-01

AT-01

AU-01

CA-01

CM-01

CP-01

IA-01

IR-01

+18 more

SP-800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O

RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System

RMF Select Step: TASK S-5 Continuous Monitoring Strategy— System

RMF Authorize Step: TASK R-3 Risk Response

RMF Monitor Step: TASK M-2 Ongoing Assessments

RMF Monitor Step: TASK M-3 Ongoing Risk Response

Ask AI

Configure your API key to use AI features.