GV.PO-01—Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced
>Control Description
This policy subcategory ensures that policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced. Key activities include: Create, disseminate, and maintain an understandable, usable risk management policy with statements of management intent, expectations, and direction; Periodically review policy and supporting processes and procedures to ensure that they align with risk management strategy objectives and prioritie...; Require approval from senior management on policy.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1
via NIST OLIR Catalog
ISO 27001:2022
via NIST OLIR Catalog
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
A&A-01
AIS-01
BCR-01
CCC-01
CEK-01
DCS-01
DCS-02
DCS-03
+20 more
CRI Profile v2.0
GV.PO-01
GV.PO-01.01
GV.PO-01.02
GV.PO-01.03
GV.PO-01.04
GV.PO-01.05
GV.PO-01.06
GV.PO-01.07
+1 more
CSF v1.1
ID.GV-1
CoP
C2
ISO/IEC 27001:2022
Mandatory Clause: 5.2
Annex A Controls: 5.1
NICE Framework
IO-WRL-003
OG-WRL-002
OG-WRL-007
OG-WRL-010
PCI DSS
12.1.1
12.6.1
12.1.4
12.1.2
12.1.3
SCF
GOV-02
HRS-07
SP 800-171 Rev 3
03.15.01
SP 800-221A
GV.PO-1
SP 800-53 Rev 5.1.1
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+12 more
SP 800-53 Rev 5.2.0
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+12 more
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy