Skip to main content

💼 GV.PO-02: Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission

  • ID: /frameworks/nist-csf-v2.0/gv-po/02

Description

  1. Update policy based on periodic reviews of cybersecurity risk management results to ensure that policy and supporting processes and procedures adequately maintain risk at an acceptable level
  2. Provide a timeline for reviewing changes to the organization's risk environment (e.g., changes in risk or in the organization's mission objectives), and communicate recommended policy updates
  3. Update policy to reflect changes in legal and regulatory requirements
  4. Update policy to reflect changes in technology (e.g., adoption of artificial intelligence) and changes to the business (e.g., acquisition of a new business, new contract requirements)

Similar

  • Sections
    • /frameworks/nist-csf-v1.1/id-gv/01
    • /frameworks/nist-sp-800-53-r5/ac/01
    • /frameworks/nist-sp-800-53-r5/at/01
    • /frameworks/nist-sp-800-53-r5/au/01
    • /frameworks/nist-sp-800-53-r5/ca/01
    • /frameworks/nist-sp-800-53-r5/cm/01
    • /frameworks/nist-sp-800-53-r5/cp/01
    • /frameworks/nist-sp-800-53-r5/ia/01
    • /frameworks/nist-sp-800-53-r5/ir/01
    • /frameworks/nist-sp-800-53-r5/ma/01
    • /frameworks/nist-sp-800-53-r5/mp/01
    • /frameworks/nist-sp-800-53-r5/pe/01
    • /frameworks/nist-sp-800-53-r5/pl/01
    • /frameworks/nist-sp-800-53-r5/pm/01
    • /frameworks/nist-sp-800-53-r5/ps/01
    • /frameworks/nist-sp-800-53-r5/pt/01
    • /frameworks/nist-sp-800-53-r5/ra/01
    • /frameworks/nist-sp-800-53-r5/sa/01
    • /frameworks/nist-sp-800-53-r5/sc/01
    • /frameworks/nist-sp-800-53-r5/si/01
    • /frameworks/nist-sp-800-53-r5/sr/01

Similar Sections (Take Policies From)

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
💼 NIST CSF v1.1 → 💼 ID.GV-1: Organizational cybersecurity policy is established and communicatedno data
💼 NIST SP 800-53 Revision 5 → 💼 AC-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 AT-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 AU-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 CA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 CM-1 Policy and Procedures3no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 IA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 IR-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 MA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 MP-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PE-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PL-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PM-1 Information Security Program Planno data
💼 NIST SP 800-53 Revision 5 → 💼 PS-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 PT-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 RA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SA-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SC-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SI-1 Policy and Proceduresno data
💼 NIST SP 800-53 Revision 5 → 💼 SR-1 Policy and Proceduresno data

Sub Sections

SectionSub SectionsInternal RulesPoliciesFlagsCompliance

Policies (3)

PolicyLogic CountFlagsCompliance
🛡️ Google Cloud SQL Server Instance 3625 (trace flag) Database Flag is not set to on🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value🟢1🟢 x6no data
🛡️ Google Cloud SQL Server Instance user options Database Flag is configured🟢1🟢 x6no data