💼 GV.PO-02: Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission

• Contextual name: 💼 GV.PO-02: Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission
• ID: /frameworks/nist-csf-v2.0/gv-po/02
• Located in: 💼 Policy (GV.PO)

Description

1. Update policy based on periodic reviews of cybersecurity risk management results to ensure that policy and supporting processes and procedures adequately maintain risk at an acceptable level
2. Provide a timeline for reviewing changes to the organization's risk environment (e.g., changes in risk or in the organization's mission objectives), and communicate recommended policy updates
3. Update policy to reflect changes in legal and regulatory requirements
4. Update policy to reflect changes in technology (e.g., adoption of artificial intelligence) and changes to the business (e.g., acquisition of a new business, new contract requirements)

Similar

• Sections
  • /frameworks/nist-csf-v1.1/id-gv/01
  • /frameworks/nist-sp-800-53-r5/ac/01
  • /frameworks/nist-sp-800-53-r5/at/01
  • /frameworks/nist-sp-800-53-r5/au/01
  • /frameworks/nist-sp-800-53-r5/ca/01
  • /frameworks/nist-sp-800-53-r5/cm/01
  • /frameworks/nist-sp-800-53-r5/cp/01
  • /frameworks/nist-sp-800-53-r5/ia/01
  • /frameworks/nist-sp-800-53-r5/ir/01
  • /frameworks/nist-sp-800-53-r5/ma/01
  • /frameworks/nist-sp-800-53-r5/mp/01
  • /frameworks/nist-sp-800-53-r5/pe/01
  • /frameworks/nist-sp-800-53-r5/pl/01
  • /frameworks/nist-sp-800-53-r5/pm/01
  • /frameworks/nist-sp-800-53-r5/ps/01
  • /frameworks/nist-sp-800-53-r5/pt/01
  • /frameworks/nist-sp-800-53-r5/ra/01
  • /frameworks/nist-sp-800-53-r5/sa/01
  • /frameworks/nist-sp-800-53-r5/sc/01
  • /frameworks/nist-sp-800-53-r5/si/01
  • /frameworks/nist-sp-800-53-r5/sr/01

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 ID.GV-1: Organizational cybersecurity policy is established and communicated
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Plan
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Procedures
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Procedures

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags