💼 GV.RR-01: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving
- Contextual name: 💼 GV.RR-01: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving
- ID:
/frameworks/nist-csf-v2.0/gv-rr/01 - Located in: 💼 Roles, Responsibilities, and Authorities (GV.RR)
Description​
- Leaders (e.g., directors) agree on their roles and responsibilities in developing, implementing, and assessing the organization's cybersecurity strategy
- Share leaders' expectations regarding a secure and ethical culture, especially when current events present the opportunity to highlight positive or negative examples of cybersecurity risk management
- Leaders direct the CISO to maintain a comprehensive cybersecurity risk strategy and review and update it at least annually and after major events
- Conduct reviews to ensure adequate authority and coordination among those responsible for managing cybersecurity risk
Similar​
- Sections
/frameworks/nist-sp-800-53-r5/pm/02/frameworks/nist-sp-800-53-r5/pm/19/frameworks/nist-sp-800-53-r5/pm/23/frameworks/nist-sp-800-53-r5/pm/24/frameworks/nist-sp-800-53-r5/pm/29
Similar Sections (Take Policies From)​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-2 Information Security Program Leadership Role | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-19 Privacy Program Leadership Role | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-23 Data Governance Body | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-24 Data Integrity Board | ||||
| 💼 NIST SP 800-53 Revision 5 → 💼 PM-29 Risk Management Program Leadership Roles |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|