πΌ GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained
- Contextual name: πΌ GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained
- ID:
/frameworks/nist-csf-v2.0/gv-rm/02 - Located in: πΌ Risk Management Strategy (GV.RM)
Descriptionβ
- Determine and communicate risk appetite statements that convey expectations about the appropriate level of risk for the organization
- Translate risk appetite statements into specific, measurable, and broadly understandable risk tolerance statements
- Refine organizational objectives and risk appetite periodically based on known risk exposure and residual risk
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-rm/02/frameworks/nist-csf-v1.1/id-rm/03/frameworks/nist-sp-800-53-r5/pm/09
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.RM-2: Organizational risk tolerance is determined and clearly expressed | ||||
| πΌ NIST CSF v1.1 β πΌ ID.RM-3: The organization's determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-9 Risk Management Strategy |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|