πΌ GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
- Contextual name: πΌ GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
- ID:
/frameworks/nist-csf-v2.0/gv-rm/03 - Located in: πΌ Risk Management Strategy (GV.RM)
Descriptionβ
- Aggregate and manage cybersecurity risks alongside other enterprise risks (e.g., compliance, financial, operational, regulatory, reputational, safety)
- Include cybersecurity risk managers in enterprise risk management planning
- Establish criteria for escalating cybersecurity risks within enterprise risk management
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-gv/04/frameworks/nist-sp-800-53-r5/pm/03/frameworks/nist-sp-800-53-r5/pm/09/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/ra/07/frameworks/nist-sp-800-53-r5/sr/02
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.GV-4: Governance and risk management processes address cybersecurity risks | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-3 Information Security and Privacy Resources | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-9 Risk Management Strategy | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-30 Supply Chain Risk Management Strategy | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ RA-7 Risk Response | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ SR-2 Supply Chain Risk Management Plan | 1 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|