💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated

• Contextual name: 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated
• ID: /frameworks/nist-csf-v2.0/gv-oc/05
• Located in: 💼 Organizational Context (GV.OC)

Description

1. Create an inventory of the organization's dependencies on external resources (e.g., facilities, cloud-based hosting providers) and their relationships to organizational assets and business functions
2. Identify and document external dependencies that are potential points of failure for the organization's critical capabilities and services, and share that information with appropriate personnel

Similar

• Sections
  • /frameworks/nist-csf-v1.1/id-be/01
  • /frameworks/nist-csf-v1.1/id-be/04
  • /frameworks/nist-sp-800-53-r5/pm/11
  • /frameworks/nist-sp-800-53-r5/pm/30
  • /frameworks/nist-sp-800-53-r5/ra/07
  • /frameworks/nist-sp-800-53-r5/sa/09
  • /frameworks/nist-sp-800-53-r5/sr/05

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 ID.BE-1: The organization's role in the supply chain is identified and communicated
💼 NIST CSF v1.1 → 💼 ID.BE-4: Dependencies and critical functions for delivery of critical services are established			3
💼 NIST SP 800-53 Revision 5 → 💼 PM-11 Mission and Business Process Definition
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy	1
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response
💼 NIST SP 800-53 Revision 5 → 💼 SA-9 External System Services	8	1	1
💼 NIST SP 800-53 Revision 5 → 💼 SR-5 Acquisition Strategies, Tools, and Methods	2

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Policies (3)

Policy	Logic Count	Flags
📝 AWS S3 Bucket Versioning is not enabled 🟢	1	🟢 x6
📝 Azure PostgreSQL Flexible Server connection_throttle.enable Parameter is not set to ON 🟢	1	🟢 x6
📝 Azure Storage Blob Containers Soft Delete is not enabled 🟢	1	🟢 x6