Establish and monitor the organization’s cybersecurity risk management strategy, expectations, and policy. The GOVERN Function is cross-cutting and provides outcomes to inform how an organization will achieve and prioritize the outcomes of the other five Functions in the context of its mission and stakeholder expectations. Governance activities are critical for incorporating cybersecurity into an organization’s broader enterprise risk management strategy. GOVERN directs an understanding of organizational context; the establishment of cybersecurity strategy and cybersecurity supply chain risk management; roles, responsibilities, and authorities; policies, processes, and procedures; and the oversight of cybersecurity strategy.
GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders. Implementation Examples Example 1: Update near-term …
GV.RM-01: Do you know the cybersecurity risk objectives for your organization ? Read more »
GV.OC-05: Outcomes, capabilities, and services that the organization depends on are determined and communicated Implementation Examples Example 1: Create …
GV.OC-04: Critical objectives, capabilities, and services that stakeholders depend on or expect from the organization are determined and …
GV.OC-04: Do you know and share what stakeholders expect from the organization ? Read more »
GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity – including privacy and civil liberties obligations – are understood …
GV.OC-03: How to manage legal, regulatory, and cybersecurity obligations ? Read more »
GV.OC-02: Internal and external stakeholders are determined, and their needs and expectations regarding cybersecurity risk management are understood. …
GV.OC-02: How to determine stakeholders for cybersecurity risk management ? Read more »
GV.OC-01: The organizational mission is understood and informs cybersecurity risk management. Example 1: Share the organization’s mission (e.g., …
