>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

GV.RM-01Risk management objectives are established and agreed to by organizational stakeholders

>Control Description

This risk management strategy subcategory ensures that risk management objectives are established and agreed to by organizational stakeholders. Key activities include: Update near-term and long-term cybersecurity risk management objectives as part of annual strategic planning and when major changes occur; Establish measurable objectives for cybersecurity risk management (e; Senior leaders agree about cybersecurity objectives and use them for measuring and managing risk and performance.

>Cross-Framework Mappings

NIST SP 800-53 r5

via NIST CSF 2.0 Concept Crosswalk
PM-09
Compare
RA-07
Compare
SR-02
Compare

PCI DSS v4.0.1

via NIST OLIR Catalog
12.1.1
Compare
12.1.2
Compare
12.1.4
Compare

ISO 27001:2022

via NIST OLIR Catalog
5.1
Compare

SOC 2 TSC

CC3.1
Compare

SCF

GOV-01
Compare
GOV-01.1
Compare
GOV-05.2
Compare
RSK-01
Compare

>Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

GRC-02
CEK-07

CRI Profile v2.0

GV.RM-01
GV.RM-01.01
GV.RM-01.02
GV.RM-01.03
GV.RM-01.04
GV.RM-01.05

CSF v1.1

ID.RM-1

CoP

A1

ISO/IEC 27001:2022

Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.2
Annex A Controls: 5.1

NICE Framework

OG-WRL-002
OG-WRL-007
OG-WRL-008
OG-WRL-011
OG-WRL-012
OG-WRL-013
OG-WRL-014
OG-WRL-015

PCI DSS

12.1.4
12.1.2
12.1.1

SCF

GOV-01
RSK-01

SP 800-171 Rev 3

03.11.04
03.17.01

SP 800-221A

GV.RR-2

SP 800-53 Rev 5.1.1

PM-09
RA-07
SR-02

SP 800-53 Rev 5.2.0

PM-09
RA-07
SR-02

SP-800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy

Ask AI

Configure your API key to use AI features.