💼 GV.PO-01: Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced

• Contextual name: 💼 GV.PO-01: Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced
• ID: /frameworks/nist-csf-v2.0/gv-po/01
• Located in: 💼 Policy (GV.PO)

Description

1. Create, disseminate, and maintain an understandable, usable risk management policy with statements of management intent, expectations, and direction
2. Periodically review policy and supporting processes and procedures to ensure that they align with risk management strategy objectives and priorities, as well as the high-level direction of the cybersecurity policy
3. Require approval from senior management on policy
4. Communicate cybersecurity risk management policy and supporting processes and procedures across the organization
5. Require personnel to acknowledge receipt of policy when first hired, annually, and whenever policy is updated

Similar

• Sections
  • /frameworks/nist-csf-v1.1/id-gv/01
  • /frameworks/nist-sp-800-53-r5/ac/01
  • /frameworks/nist-sp-800-53-r5/at/01
  • /frameworks/nist-sp-800-53-r5/au/01
  • /frameworks/nist-sp-800-53-r5/ca/01
  • /frameworks/nist-sp-800-53-r5/cm/01
  • /frameworks/nist-sp-800-53-r5/cp/01
  • /frameworks/nist-sp-800-53-r5/ia/01
  • /frameworks/nist-sp-800-53-r5/ir/01
  • /frameworks/nist-sp-800-53-r5/ma/01
  • /frameworks/nist-sp-800-53-r5/mp/01
  • /frameworks/nist-sp-800-53-r5/pe/01
  • /frameworks/nist-sp-800-53-r5/pl/01
  • /frameworks/nist-sp-800-53-r5/pm/01
  • /frameworks/nist-sp-800-53-r5/ps/01
  • /frameworks/nist-sp-800-53-r5/pt/01
  • /frameworks/nist-sp-800-53-r5/ra/01
  • /frameworks/nist-sp-800-53-r5/sa/01
  • /frameworks/nist-sp-800-53-r5/sc/01
  • /frameworks/nist-sp-800-53-r5/si/01
  • /frameworks/nist-sp-800-53-r5/sr/01

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 ID.GV-1: Organizational cybersecurity policy is established and communicated
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags