Home NIST CSF Govern (GV) Organizational Context (GV.OC) GV.OC-04: Do you know and share what stakeholders expect from the organization ?

GV.OC-04: Do you know and share what stakeholders expect from the organization ?

GV.OC-04: Do you know and share what stakeholders expect from the organization ?

GV.OC-04: Critical objectives, capabilities, and services that stakeholders depend on or expect from the organization are determined and communicated. 

Implementation Examples

Example 1: Establish criteria for determining the criticality of capabilities and services as viewed by internal and external stakeholders. 

Example 2: Determine (e.g., from a business impact analysis) assets and business operations that are vital to achieving mission objectives and the potential impact of a loss (or partial loss) of such operations. 

Example 3: Establish and communicate resilience objectives (e.g., recovery time objectives) for delivering critical capabilities and services in various operating states (e.g., under attack, during recovery, normal operation).

Source: The NIST Cybersecurity Framework 2.0 Core with Implementation Examples.

Share this Post

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

*