GV.OV-02—The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks
>Control Description
This oversight subcategory ensures that the cybersecurity risk management strategy is reviewed and adjusted to cover organizational requirements and risks. Key activities include: reviewing audit findings to confirm whether the existing cybersecurity strategy has ensured compliance with internal and external requirements; reviewing the performance oversight of those in cybersecurity-related roles to determine whether policy changes are necessary; and reviewing the strategy in light of cybersecurity incidents.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1
via NIST OLIR Catalog
ISO 27001:2022
via NIST OLIR Catalog
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CRI Profile v2.0
GV.OV-02
GV.OV-02.01
GV.OV-02.02
CoP
E1
ISO/IEC 27001:2022
Mandatory Clause: 9.1
Annex A Controls: 5.1
Annex A Controls: 5.19
NICE Framework
OG-WRL-002
OG-WRL-007
PCI DSS
12.10.6
12.10.2
12.4.2
12.4.2.1
12.5.3
12.8.4
10.7.1
10.7.2
+3 more
SCF
GOV-03
RSK-01
SP 800-171 Rev 3
03.11.01
03.11.04
SP 800-221A
GV.AD-2
GV.AD-3
MA.RM-8
SP 800-53 Rev 5.1.1
PM-09
PM-19
PM-30
PM-31
RA-07
SR-06
SP 800-53 Rev 5.2.0
PM-09
PM-19
PM-30
PM-31
RA-07
SR-06
SP 800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy