๐ผ Roles, Responsibilities, and Authorities (GV.RR)
- Contextual name: ๐ผ Roles, Responsibilities, and Authorities (GV.RR)
- ID:
/frameworks/nist-csf-v2.0/gv-rr
- Located in: ๐ผ NIST CSF v2.0
Descriptionโ
Cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated
Similarโ
Sub Sectionsโ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
| ๐ผ GV.RR-01: Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving | | | | |
| ๐ผ GV.RR-02: Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced | | | | |
| ๐ผ GV.RR-03: Adequate resources are allocated commensurate with the cybersecurity risk strategy, roles, responsibilities, and policies | | | | |
| ๐ผ GV.RR-04: Cybersecurity is included in human resources practices | | | | |