Skip to main content

💼 GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes

Contextual name: 💼 GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
ID: /frameworks/nist-csf-v2.0/gv-rm/03
Located in: 💼 Risk Management Strategy (GV.RM)

Description

Aggregate and manage cybersecurity risks alongside other enterprise risks (e.g., compliance, financial, operational, regulatory, reputational, safety)
Include cybersecurity risk managers in enterprise risk management planning
Establish criteria for escalating cybersecurity risks within enterprise risk management

Similar

Sections
- /frameworks/nist-csf-v1.1/id-gv/04
- /frameworks/nist-sp-800-53-r5/pm/03
- /frameworks/nist-sp-800-53-r5/pm/09
- /frameworks/nist-sp-800-53-r5/pm/30
- /frameworks/nist-sp-800-53-r5/ra/07
- /frameworks/nist-sp-800-53-r5/sr/02

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 ID.GV-4: Governance and risk management processes address cybersecurity risks
💼 NIST SP 800-53 Revision 5 → 💼 PM-3 Information Security and Privacy Resources
💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy	1
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan	1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description
Similar
Similar Sections (Take Policies From)
Sub Sections