Skip to main content

💼 GV.PO-01: Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced

  • ID: /frameworks/nist-csf-v2.0/gv-po/01

Description

  1. Create, disseminate, and maintain an understandable, usable risk management policy with statements of management intent, expectations, and direction
  2. Periodically review policy and supporting processes and procedures to ensure that they align with risk management strategy objectives and priorities, as well as the high-level direction of the cybersecurity policy
  3. Require approval from senior management on policy
  4. Communicate cybersecurity risk management policy and supporting processes and procedures across the organization
  5. Require personnel to acknowledge receipt of policy when first hired, annually, and whenever policy is updated

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-gv/01
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 ID.GV-1: Organizational cybersecurity policy is established and communicatedno data
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures3no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Planno data
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Proceduresno data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (3)

PolicyLogic CountFlagsCompliance
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢1🟢 x6no data