πΌ GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders
- Contextual name: πΌ GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders
- ID:
/frameworks/nist-csf-v2.0/gv-rm/01 - Located in: πΌ Risk Management Strategy (GV.RM)
Descriptionβ
- Update near-term and long-term cybersecurity risk management objectives as part of annual strategic planning and when major changes occur
- Establish measurable objectives for cybersecurity risk management (e.g., manage the quality of user training, ensure adequate risk protection for industrial control systems)
- Senior leaders agree about cybersecurity objectives and use them for measuring and managing risk and performance
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-rm/01/frameworks/nist-sp-800-53-r5/pm/09/frameworks/nist-sp-800-53-r5/ra/07/frameworks/nist-sp-800-53-r5/sr/02
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-9 Risk Management Strategy | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ RA-7 Risk Response | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-2 Supply Chain Risk Management Plan | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|