
GV.RM-04 Strategic direction that describes appropriate risk response options is established and communicated

>Control Description

This risk management strategy subcategory ensures that strategic direction that describes appropriate risk response options is established and communicated. Key activities include: Specify criteria for accepting and avoiding cybersecurity risk for various classifications of data; Determine whether to purchase cybersecurity insurance; Document conditions under which shared responsibility models are acceptable (e.

>Cross-Framework Mappings

>Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCM v4.0

GRC-02
BCR-03
STA-01

CRI Profile v2.0

GV.RM-04
GV.RM-04.01

CSF v1.1

ID.RM-2

CoP

B1
B2

ISO/IEC 27001:2022

Mandatory Clause: 6.1.3
Annex A Controls: 5.1

NICE Framework

OG-WRL-002
OG-WRL-007
OG-WRL-010
OG-WRL-015

PCI DSS

12.10.1
12.10.2
12.10.6

SCF

RSK-01
RSK-01.1
RSK-06.1

SP 800-171 Rev 3

03.17.01

SP 800-221A

GV.BE-1

SP 800-53 Rev 5.1.1

PM-09
PM-28
PM-30
SR-02

SP 800-53 Rev 5.2.0

PM-09
PM-28
PM-30
SR-02

SP-800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
