💼 GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained
- Contextual name: 💼 GV.RM-02: Risk appetite and risk tolerance statements are established, communicated, and maintained
- ID:
/frameworks/nist-csf-v2.0/gv-rm/02 - Located in: 💼 Risk Management Strategy (GV.RM)
Description​
- Determine and communicate risk appetite statements that convey expectations about the appropriate level of risk for the organization
- Translate risk appetite statements into specific, measurable, and broadly understandable risk tolerance statements
- Refine organizational objectives and risk appetite periodically based on known risk exposure and residual risk
Similar​
- Sections
/frameworks/nist-csf-v1.1/id-rm/02/frameworks/nist-csf-v1.1/id-rm/03/frameworks/nist-sp-800-53-r5/pm/09
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.RM-2: Organizational risk tolerance is determined and clearly expressed | ||||
| 💼 NIST CSF v1.1 → 💼 ID.RM-3: The organization's determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|