GV.PO-02—Policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission
>Control Description
This policy subcategory ensures that policy for managing cybersecurity risks is reviewed, updated, communicated, and enforced to reflect changes in requirements, threats, technology, and organizational mission. Key activities include: Update policy based on periodic reviews of cybersecurity risk management results to ensure that policy and supporting processes and procedures adeq...; Provide a timeline for reviewing changes to the organization’s risk environment (e; Update policy to reflect changes in legal and regulatory requirements.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1
via NIST OLIR Catalog
ISO 27001:2022
via NIST OLIR Catalog
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
A&A-01
AIS-01
BCR-01
CCC-01
CEK-01
DCS-01
DCS-02
DCS-03
+20 more
CRI Profile v2.0
GV.PO-02
GV.PO-02.01
CSF v1.1
ID.GV-1
CoP
C2
E1
ISO/IEC 27001:2022
Mandatory Clause: 5.2
Annex A Controls: 5.1
NICE Framework
IO-WRL-003
OG-WRL-002
OG-WRL-007
OG-WRL-010
PCI DSS
12.1.2
1.1.1
2.1.1
3.1.1
4.1.1
5.1.1
6.1.1
7.1.1
+4 more
SCF
GOV-03
HRS-07
SP 800-171 Rev 3
03.15.01
SP 800-221A
GV.PO-1
SP 800-53 Rev 5.1.1
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+12 more
SP 800-53 Rev 5.2.0
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+12 more
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy