💼 GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated
- ID:
/frameworks/nist-csf-v2.0/gv-rm/04
Description​
- Specify criteria for accepting and avoiding cybersecurity risk for various classifications of data
- Determine whether to purchase cybersecurity insurance
- Document conditions under which shared responsibility models are acceptable (e.g., outsourcing certain cybersecurity functions, having a third party perform financial transactions on behalf of the organization, using public cloud-based services)
Similar​
- Sections
/frameworks/nist-csf-v1.1/id-rm/02/frameworks/nist-sp-800-53-r5/pm/09/frameworks/nist-sp-800-53-r5/pm/28/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/sr/02
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST CSF v1.1 → 💼 ID.RM-2: Organizational risk tolerance is determined and clearly expressed | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-28 Risk Framing | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy | 1 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan | 1 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|