GV.OC-02—Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered
>Control Description
This organizational context subcategory ensures that internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered. Key activities include: Identify relevant internal stakeholders and their cybersecurity-related expectations (e; Identify relevant external stakeholders and their cybersecurity-related expectations (e.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkPCI DSS v4.0.1
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
STA-08
STA-13
CRI Profile v2.0
GV.OC-02
GV.OC-02.01
GV.OC-02.02
GV.OC-02.03
CSF v1.1
ID.SC-2
ID.GV-2
CoP
A1
E2
E3
ISO/IEC 27001:2022
Mandatory Clause: 4.1
Mandatory Clause: 4.2
Mandatory Clause: 4.4
Mandatory Clause: 6.1
Mandatory Clause: 8.1
Mandatory Clause: 8.2
Mandatory Clause: 8.3
Annex A Controls:
NICE Framework
OG-WRL-002
OG-WRL-006
OG-WRL-007
OG-WRL-010
OG-WRL-014
PCI DSS
12.8.1
12.8.5
12.9.1
12.9.2
12.1.4
SCF
TPM-05
TPM-05.4
SP 800-171 Rev 3
03.11.01
03.17.02
03.17.03
SP 800-218
PO.2.1
SP 800-221A
GV.OV-2
GV.CT-2
GV.CT-3
SP 800-53 Rev 5.1.1
PM-09
PM-18
PM-30
SR-03
SR-05
SR-06
SR-08
SP 800-53 Rev 5.2.0
PM-09
PM-18
PM-30
SR-03
SR-05
SR-06
SR-08
SP-800-37 Rev 2
RMF Prepare Step - Organization and Mission/Business Level - Task P-1: Risk Management Roles
RMF Prepare Step - Organization and Mission/Business Level - Task P-3: Risk Assessment - Organizat
RMF Prepare Step (System Level): TASK P-9 System Stakeholders
RMF Prepare Step (System Level): TASK P-15 Requirements Definition
Ask AI
Configure your API key to use AI features.