GV.RM-05—Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties
>Control Description
This risk management strategy subcategory ensures that lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties. Key activities include: Determine how to update senior executives, directors, and management on the organization’s cybersecurity posture at agreed-upon intervals; Identify how all departments across the organization — such as management, operations, internal auditors, legal, acquisition, physical security, an....
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1
via NIST OLIR Catalog
ISO 27001:2022
via NIST OLIR Catalog
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
GRC-02
STA-01
STA-08
CRI Profile v2.0
GV.RM-05
GV.RM-05.01
GV.RM-05.02
CSF v1.1
ID.SC-1
ISO/IEC 27001:2022
Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.3
Annex A Controls: 5.1
Annex A Controls: 5.19
NICE Framework
DD-WRL-006
OG-WRL-002
OG-WRL-003
OG-WRL-007
OG-WRL-008
OG-WRL-009
OG-WRL-010
OG-WRL-013
+2 more
PCI DSS
12.8.2
12.8.5
12.9.2
12.9.1
12.8.4
12.5.3
12.10.1
10.7.1
+1 more
SCF
GOV-04
HRS-03
TPM-05.4
SP 800-221A
GV.PO-1
SP 800-53 Rev 5.1.1
PM-09
PM-30
SP 800-53 Rev 5.2.0
PM-09
PM-30
SP 800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
RMF Prepare Step (System Level): TASK P-9 System Stakeholders