GV.PO-02:

Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission

Implementation Examples

Ex1:

Update policy based on periodic reviews of cybersecurity risk management results to ensure that policy and supporting processes and procedures adequately maintain risk at an acceptable level

Ex2:

Provide a timeline for reviewing changes to the organization's risk environment (e.g., changes in risk or in the organization's mission objectives), and communicate recommended policy updates

Ex3:

Update policy to reflect changes in legal and regulatory requirements

Ex4:

Update policy to reflect changes in technology (e.g., adoption of artificial intelligence) and changes to the business (e.g., acquisition of a new business, new contract requirements)

Frameworks and Controls

NIST Cybersecurity Framework V2.0

GV: Govern
ID: Identify
PR: Protect
DE: Detect
RS: Respond
RC: Recover

CMMC Level 1

NIST SP 800-171
- CMMC Level 2 - NIST SP 800-171 r2
CMMC Level 3

GV.PO-02:

Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission

Implementation Examples

Ex1:

Ex2:

Ex3:

Ex4:

Peaches.Cloud

Quick Links

Contact

Support Our Research