πΌ GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated
- Contextual name: πΌ GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated
- ID:
/frameworks/nist-csf-v2.0/gv-oc/04 - Located in: πΌ Organizational Context (GV.OC)
Descriptionβ
- Establish criteria for determining the criticality of capabilities and services as viewed by internal and external stakeholders
- Determine (e.g., from a business impact analysis) assets and business operations that are vital to achieving mission objectives and the potential impact of a loss (or partial loss) of such operations
- Establish and communicate resilience objectives (e.g., recovery time objectives) for delivering critical capabilities and services in various operating states (e.g., under attack, during recovery, normal operation)
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-be/04/frameworks/nist-csf-v1.1/id-be/05/frameworks/nist-sp-800-53-r5/pm/08/frameworks/nist-sp-800-53-r5/pm/11/frameworks/nist-sp-800-53-r5/cp/02/08/frameworks/nist-sp-800-53-r5/pm/30/01/frameworks/nist-sp-800-53-r5/ra/09
Similar Sections (Take Policies From)β
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (4)β
| Policy | Logic Count | Flags |
|---|---|---|
| π AWS Account Multi-Region CloudTrail is not enabled π’ | 1 | π’ x6 |
| π AWS S3 Bucket Versioning is not enabled π’ | 1 | π’ x6 |
| π Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON π’ | 1 | π’ x6 |
| π Azure Storage Blob Containers Soft Delete is not enabled π’ | 1 | π’ x6 |