Skip to main content

💼 GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated

Contextual name: 💼 GV.RM-04: Strategic direction that describes appropriate risk response options is established and communicated
ID: /frameworks/nist-csf-v2.0/gv-rm/04
Located in: 💼 Risk Management Strategy (GV.RM)

Description

Specify criteria for accepting and avoiding cybersecurity risk for various classifications of data
Determine whether to purchase cybersecurity insurance
Document conditions under which shared responsibility models are acceptable (e.g., outsourcing certain cybersecurity functions, having a third party perform financial transactions on behalf of the organization, using public cloud-based services)

Similar

Sections
- /frameworks/nist-csf-v1.1/id-rm/02
- /frameworks/nist-sp-800-53-r5/pm/09
- /frameworks/nist-sp-800-53-r5/pm/28
- /frameworks/nist-sp-800-53-r5/pm/30
- /frameworks/nist-sp-800-53-r5/sr/02

Similar Sections (Take Policies From)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 ID.RM-2: Organizational risk tolerance is determined and clearly expressed
💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy
💼 NIST SP 800-53 Revision 5 → 💼 PM-28 Risk Framing
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy	1
💼 NIST SP 800-53 Revision 5 → 💼 SR-2 Supply Chain Risk Management Plan	1

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description
Similar
Similar Sections (Take Policies From)
Sub Sections