GV.OV-03—Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed
>Control Description
This oversight subcategory ensures that organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed. Key activities include: Review key performance indicators (KPIs) to ensure that organization-wide policies and procedures achieve objectives; Review key risk indicators (KRIs) to identify risks the organization faces, including likelihood and potential impact; Collect and communicate metrics on cybersecurity risk management with senior leadership.
>Cross-Framework Mappings
PCI DSS v4.0.1
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
AIS-03
CRI Profile v2.0
GV.OV-03
GV.OV-03.01
GV.OV-03.02
CoP
E1
ISO/IEC 27001:2022
Mandatory Clause: 9.1
Annex A Controls: 5.1
Annex A Controls: 5.19
Annex A Controls: 5.20
NICE Framework
OG-WRL-002
OG-WRL-003
OG-WRL-007
PCI DSS
12.4.2
10.7.2
7.2.5.1
11.3.1
11.3.2
11.4.4
12.3.1
12.3.4
SCF
GOV-05
RSK-01
SP 800-171 Rev 3
03.11.01
03.11.04
SP 800-221A
GV.OV-2
MA.RM-2
SP 800-53 Rev 5.1.1
PM-04
PM-06
RA-07
SR-06
SP 800-53 Rev 5.2.0
PM-04
PM-06
RA-07
SR-06
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
RMF Authorize Step: TASK R-3 Risk Response
RMF Monitor Step: TASK M-2 Ongoing Assessments
RMF Monitor Step: TASK M-3 Ongoing Risk Response
Ask AI
Configure your API key to use AI features.