💼 GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered

• ID: /frameworks/nist-csf-v2.0/gv-oc/02

Description

1. Identify relevant internal stakeholders and their cybersecurity-related expectations (e.g., performance and risk expectations of officers, directors, and advisors; cultural expectations of employees)
2. Identify relevant external stakeholders and their cybersecurity-related expectations (e.g., privacy expectations of customers, business expectations of partnerships, compliance expectations of regulators, ethics expectations of society)

Similar

• Sections
  • /frameworks/nist-csf-v1.1/id-sc/02
  • /frameworks/nist-csf-v1.1/id-gv/02
  • /frameworks/nist-sp-800-53-r5/pm/09
  • /frameworks/nist-sp-800-53-r5/pm/18
  • /frameworks/nist-sp-800-53-r5/pm/30
  • /frameworks/nist-sp-800-53-r5/sr/03
  • /frameworks/nist-sp-800-53-r5/sr/05
  • /frameworks/nist-sp-800-53-r5/sr/06
  • /frameworks/nist-sp-800-53-r5/sr/08

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners					no data
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process		7	7		no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-18 Privacy Program Plan					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy	1				no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-3 Supply Chain Controls and Processes	3				no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods	2				no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-6 Supplier Assessments and Reviews	1				no data
💼 NIST SP 800-53 Revision 5 → 💼 SR-8 Notification Agreements					no data

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policies (7)

Policy	Logic Count	Flags	Compliance
🛡️ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For App Services is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Containers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Key Vault is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Servers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Storage is not set to On🟢	1	🟢 x6	no data