💼 GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated

Description

Establish criteria for determining the criticality of capabilities and services as viewed by internal and external stakeholders
Determine (e.g., from a business impact analysis) assets and business operations that are vital to achieving mission objectives and the potential impact of a loss (or partial loss) of such operations
Establish and communicate resilience objectives (e.g., recovery time objectives) for delivering critical capabilities and services in various operating states (e.g., under attack, during recovery, normal operation)

Section	Internal Rules	Policies	Compliance
💼 NIST CSF v1.1 → 💼 ID.BE-4: Dependencies and critical functions for delivery of critical services are established		3	no data
💼 NIST CSF v1.1 → 💼 ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)	3	3	no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-2(8) Contingency Plan _ Identify Critical Assets			no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-8 Critical Infrastructure Plan			no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-11 Mission and Business Process Definition			no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-30(1) Supply Chain Risk Management Strategy _ Suppliers of Critical or Mission-essential Items			no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-9 Criticality Analysis			no data

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policy	Logic Count	Flags	Compliance
🛡️ AWS S3 Bucket Versioning is not enabled🟢	1	🟢 x6	no data
🛡️ Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON🟢	1	🟢 x6	no data
🛡️ Azure Storage Blob Containers Soft Delete is not enabled🟢	1	🟢 x6	no data