
💼 GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed

  • Contextual name: 💼 GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed
  • ID: /frameworks/nist-csf-v2.0/gv-oc/03
  • Located in: 💼 Organizational Context (GV.OC)

Description

  1. Determine a process to track and manage legal and regulatory requirements regarding protection of individuals' information (e.g., Health Insurance Portability and Accountability Act, California Consumer Privacy Act, General Data Protection Regulation)
  2. Determine a process to track and manage contractual requirements for cybersecurity management of supplier, customer, and partner information
  3. Align the organization's cybersecurity strategy with legal, regulatory, and contractual requirements

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-gv/03
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01
    • /frameworks/nist-sp-800-53-r5/pm/28

Similar Sections (Take Policies From)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed 22
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PM-28 Risk Framing
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags

Policies (2)

Policy | Logic Count | Flags
📝 AWS Account Multi-Region CloudTrail is not enabled 🟢 | 1 | 🟢 x6
📝 AWS CloudTrail Log File Validation is not enabled 🟢 | 1 | 🟢 x6