Policy (GV.PO):
Organizational cybersecurity policy is established, communicated, and enforced
Subcategories
GV.PO-01
Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced
GV.PO-02
Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission