GV.OC-04—Critical objectives, capabilities, and services that stakeholders depend on or expect from the organization are understood and communicated
>Control Description
This organizational context subcategory ensures that critical objectives, capabilities, and services that stakeholders depend on or expect from the organization are understood and communicated. Key activities include: Establish criteria for determining the criticality of capabilities and services as viewed by internal and external stakeholders; Determine (e; Establish and communicate resilience objectives (e.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
BCR-01
BCR-02
BCR-03
BCR-11
IVS-02
STA-05
CRI Profile v2.0
GV.OC-04
GV.OC-04.01
GV.OC-04.02
GV.OC-04.03
GV.OC-04.04
CSF v1.1
ID.BE-4
ID.BE-5
CoP
A1
ISO/IEC 27001:2022
Mandatory Clause: 4.2(a)
Mandatory Clause: 4.2(b)
Annex A Controls: 5.20
Annex A Controls: 5.31
NICE Framework
OG-WRL-002
OG-WRL-006
OG-WRL-007
OG-WRL-010
OG-WRL-014
PCI DSS
12.10.1
12.5.2
12.5.1
SCF
BCD-02
TPM-02
SP 800-221A
MA.RI-1
SP 800-53 Rev 5.1.1
PM-08
PM-11
CP-02(08)
PM-30(01)
RA-09
SP 800-53 Rev 5.2.0
PM-08
PM-11
CP-02(08)
PM-30(01)
RA-09
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (System Level): TASK P-8 Mission or Business Focus
RMF Prepare Step (System Level): TASK P-9 System Stakeholders
Ask AI
Configure your API key to use AI features.