GV.RM-01: Do you know the cybersecurity risk objectives for your organization ?

GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders.

Implementation Examples

Example 1: Update near-term and long-term cybersecurity risk management objectives as part of annual strategic planning and when major changes occur.

Example 2: Establish measurable objectives for cybersecurity risk management (e.g., manage the quality of user training, ensure adequate risk protection for industrial control systems).

Example 3: Senior leaders agree about cybersecurity objectives and use them for measuring and managing risk and performance.

Source: The NIST Cybersecurity Framework 2.0 Core with Implementation Examples.