GV.RR-01: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving
- Contextual name: GV.RR-01: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving
- ID: /frameworks/nist-csf-v2.0/gv-rr/01
- Located in: Roles, Responsibilities, and Authorities (GV.RR)
Description
- Leaders (e.g., directors) agree on their roles and responsibilities in developing, implementing, and assessing the organization's cybersecurity strategy
- Share leaders' expectations regarding a secure and ethical culture, especially when current events present the opportunity to highlight positive or negative examples of cybersecurity risk management
- Leaders direct the CISO to maintain a comprehensive cybersecurity risk strategy and review and update it at least annually and after major events
- Conduct reviews to ensure adequate authority and coordination among those responsible for managing cybersecurity risk
Similar
- Sections
  - /frameworks/nist-sp-800-53-r5/pm/02
  - /frameworks/nist-sp-800-53-r5/pm/19
  - /frameworks/nist-sp-800-53-r5/pm/23
  - /frameworks/nist-sp-800-53-r5/pm/24
  - /frameworks/nist-sp-800-53-r5/pm/29
Similar Sections (Take Policies From)
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
NIST SP 800-53 Revision 5 → PM-2 Information Security Program Leadership Role | | | | |
NIST SP 800-53 Revision 5 → PM-19 Privacy Program Leadership Role | | | | |
NIST SP 800-53 Revision 5 → PM-23 Data Governance Body | | | | |
NIST SP 800-53 Revision 5 → PM-24 Data Integrity Board | | | | |
NIST SP 800-53 Revision 5 → PM-29 Risk Management Program Leadership Roles | | | | |
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|