GV.RM-03—Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
>Control Description
This risk management strategy subcategory ensures that cybersecurity risk management activities and outcomes are included in enterprise risk management processes. Key activities include: Aggregate and manage cybersecurity risks alongside other enterprise risks (e; Include cybersecurity risk managers in enterprise risk management planning; Establish criteria for escalating cybersecurity risks within enterprise risk management.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkPCI DSS v4.0.1
via NIST OLIR CatalogISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
GRC-02
A&A-03
CRI Profile v2.0
GV.RM-03
GV.RM-03.01
GV.RM-03.02
GV.RM-03.03
GV.RM-03.04
CSF v1.1
ID.GV-4
CoP
A2
ISO/IEC 27001:2022
Mandatory Clause: 6.1.3
Annex A Controls: 5.1
NICE Framework
DD-WRL-002
OG-WRL-002
OG-WRL-006
OG-WRL-007
OG-WRL-008
OG-WRL-010
OG-WRL-011
OG-WRL-015
PCI DSS
12.5.3
10.4.2.1
11.3.1.1
11.6.1
12.10.4.1
5.2.3.1
5.3.2.1
7.2.5.1
+7 more
SCF
GOV-01
RSK-01
SP 800-171 Rev 3
03.11.04
03.17.01
SP 800-221A
GV.PO-2
GV.PO-3
SP 800-53 Rev 5.1.1
PM-03
PM-09
PM-30
RA-07
SR-02
SP 800-53 Rev 5.2.0
PM-03
PM-09
PM-30
RA-07
SA-24
SR-02
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
Ask AI
Configure your API key to use AI features.