NIST Cybersecurity Framework (CSF) 2.0
GOVERN (GV): The organization's cybersecurity risk management strategy, expectations, and policy are established, communicated, and monitored
Categories
Organizational Context (GV.OC):
The circumstances - mission, stakeholder expectations, dependencies, and legal, regulatory, and contractual requirements - surrounding the organization's cybersecurity risk management decisions are understood
Risk Management Strategy (GV.RM):
The organization's priorities, constraints, risk tolerance and appetite statements, and assumptions are established, communicated, and used to support operational risk decisions
Roles, Responsibilities, and Authorities (GV.RR):
Cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated
Policy (GV.PO):
Organizational cybersecurity policy is established, communicated, and enforced
Oversight (GV.OV):
Results of organization-wide cybersecurity risk management activities and performance are used to inform, improve, and adjust the risk management strategy
Cybersecurity Supply Chain Risk Management (GV.SC):
Cyber supply chain risk management processes are identified, established, managed, monitored, and improved by organizational stakeholders