>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

GV.RM-02Risk appetite and risk tolerance statements are established, communicated, and maintained

>Control Description

This risk management strategy subcategory ensures that risk appetite and risk tolerance statements are established, communicated, and maintained. Key activities include: Determine and communicate risk appetite statements that convey expectations about the appropriate level of risk for the organization; Translate risk appetite statements into specific, measurable, and broadly understandable risk tolerance statements; Refine organizational objectives and risk appetite periodically based on known risk exposure and residual risk.

>Cross-Framework Mappings

NIST SP 800-53 r5

via NIST CSF 2.0 Concept Crosswalk
PM-09
Compare

ISO 27001:2022

via NIST OLIR Catalog
5.1
Compare

SOC 2 TSC

CC3.1
Compare

SCF

RSK-01.3
Compare
RSK-01.5
Compare

>Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

GRC-02
BCR-03
IVS-08

CRI Profile v2.0

GV.RM-02
GV.RM-02.01
GV.RM-02.02
GV.RM-02.03

CSF v1.1

ID.RM-2
ID.RM-3

CoP

A3

ISO/IEC 27001:2022

Mandatory Clause: 6.1.2
Annex A Controls: 5.1

NICE Framework

DD-WRL-006
IO-WRL-003
OG-WRL-002
OG-WRL-006
OG-WRL-007
OG-WRL-010
OG-WRL-011
OG-WRL-013
+2 more

SP 800-221A

GV.BE-1
GV.BE-3

SP 800-53 Rev 5.1.1

PM-09

SP 800-53 Rev 5.2.0

PM-09

SP-800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy

Ask AI

Configure your API key to use AI features.