GV.PO-01:

Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced

Implementation Examples

Ex1: Create, disseminate, and maintain an understandable, usable risk management policy with statements of management intent, expectations, and direction

Ex2: Periodically review policy and supporting processes and procedures to ensure that they align with risk management strategy objectives and priorities, as well as the high-level direction of the cybersecurity policy

Ex3: Require approval from senior management on policy

Ex4: Communicate cybersecurity risk management policy and supporting processes and procedures across the organization

Ex5: Require personnel to acknowledge receipt of policy when first hired, annually, and whenever policy is updated