Skip to main content

💼 Organizational Context (GV.OC)

Contextual name: 💼 Organizational Context (GV.OC)
ID: /frameworks/nist-csf-v2.0/gv-oc
Located in: 💼 NIST CSF v2.0

Description

The circumstances - mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements - surrounding the organization's cybersecurity risk management decisions are understood.

Similar

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags
💼 GV.OC-01: The organizational mission is understood and informs cybersecurity risk management
💼 GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered			7
💼 GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed			6
💼 GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated			3
💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated			3

Description
Similar
Sub Sections