💼 GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated

Contextual name: 💼 GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated
ID: /frameworks/nist-csf-v2.0/gv-oc/04
Located in: 💼 Organizational Context (GV.OC)

Description

Establish criteria for determining the criticality of capabilities and services as viewed by internal and external stakeholders
Determine (e.g., from a business impact analysis) assets and business operations that are vital to achieving mission objectives and the potential impact of a loss (or partial loss) of such operations
Establish and communicate resilience objectives (e.g., recovery time objectives) for delivering critical capabilities and services in various operating states (e.g., under attack, during recovery, normal operation)

Section	Internal Rules	Policies
💼 NIST CSF v1.1 → 💼 ID.BE-4: Dependencies and critical functions for delivery of critical services are established		3
💼 NIST CSF v1.1 → 💼 ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)	3	3
💼 NIST SP 800-53 Revision 5 → 💼 CP-2(8) Contingency Plan _ Identify Critical Assets
💼 NIST SP 800-53 Revision 5 → 💼 PM-8 Critical Infrastructure Plan
💼 NIST SP 800-53 Revision 5 → 💼 PM-11 Mission and Business Process Definition
💼 NIST SP 800-53 Revision 5 → 💼 PM-30(1) Supply Chain Risk Management Strategy _ Suppliers of Critical or Mission-essential Items
💼 NIST SP 800-53 Revision 5 → 💼 RA-9 Criticality Analysis

Section	Sub Sections	Internal Rules	Policies	Flags

Policy	Logic Count	Flags
📝 AWS S3 Bucket Versioning is not enabled 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure Storage Blob Containers Soft Delete is not enabled 🟢	1	🟢 x6