Skip to main content

πŸ’Ό GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered

  • Contextual name: πŸ’Ό GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered
  • ID: /frameworks/nist-csf-v2.0/gv-oc/02
  • Located in: πŸ’Ό Organizational Context (GV.OC)

Description​

  1. Identify relevant internal stakeholders and their cybersecurity-related expectations (e.g., performance and risk expectations of officers, directors, and advisors; cultural expectations of employees)
  2. Identify relevant external stakeholders and their cybersecurity-related expectations (e.g., privacy expectations of customers, business expectations of partnerships, compliance expectations of regulators, ethics expectations of society)

Similar​

  • Sections
    • /frameworks/nist-csf-v1.1/id-sc/02
    • /frameworks/nist-csf-v1.1/id-gv/02
    • /frameworks/nist-sp-800-53-r5/pm/09
    • /frameworks/nist-sp-800-53-r5/pm/18
    • /frameworks/nist-sp-800-53-r5/pm/30
    • /frameworks/nist-sp-800-53-r5/sr/03
    • /frameworks/nist-sp-800-53-r5/sr/05
    • /frameworks/nist-sp-800-53-r5/sr/06
    • /frameworks/nist-sp-800-53-r5/sr/08

Similar Sections (Take Policies From)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process77
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PM-9 Risk Management Strategy
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PM-18 Privacy Program Plan
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό PM-30 Supply Chain Risk Management Strategy1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SR-3 Supply Chain Controls and Processes3
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SR-5 Acquisition Strategies, Tools, and Methods2
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SR-6 Supplier Assessments and Reviews1
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SR-8 Notification Agreements

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags

Policies (7)​

PolicyLogic CountFlags
πŸ“ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For App Services is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Containers is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Key Vault is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Servers is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On 🟒1🟒 x6
πŸ“ Azure Subscription Microsoft Defender For Storage is not set to On 🟒1🟒 x6