💼 GV.RR-02: Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced

Description

Document risk management roles and responsibilities in policy
Document who is responsible and accountable for cybersecurity risk management activities and how those teams and individuals are to be consulted and informed
Include cybersecurity responsibilities and performance requirements in personnel descriptions
Document performance goals for personnel with cybersecurity risk management responsibilities, and periodically measure performance to identify areas for improvement
Clearly articulate cybersecurity responsibilities within operations, risk functions, and internal audit functions

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 NIST CSF v1.1 → 💼 DE.DP-1: Roles and responsibilities for detection are well defined to ensure accountability					no data
💼 NIST CSF v1.1 → 💼 ID.AM-6: Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established					no data
💼 NIST CSF v1.1 → 💼 ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-2 Information Security Program Leadership Role					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-13 Security and Privacy Workforce					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-19 Privacy Program Leadership Role					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-23 Data Governance Body					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-24 Data Integrity Board					no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-29 Risk Management Program Leadership Roles					no data

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance