💼 GV.RM-07: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions
- ID:
/frameworks/nist-csf-v2.0/gv-rm/07
Description​
- Define and communicate guidance and methods for identifying opportunities and including them in risk discussions (e.g., strengths, weaknesses, opportunities, and threats [SWOT] analysis)
- Identify stretch goals and document them
- Calculate, document, and prioritize positive risks alongside negative risks
Similar​
- Sections
/frameworks/nist-sp-800-53-r5/pm/09/frameworks/nist-sp-800-53-r5/pm/18/frameworks/nist-sp-800-53-r5/pm/28/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/ra/03
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-18 Privacy Program Plan | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-28 Risk Framing | no data | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy | 1 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 RA-3 Risk Assessment | 4 | 1 | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|