GV.RM-07: Strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions

Control Description

This risk management strategy subcategory ensures that strategic opportunities (i.e., positive risks) are characterized and are included in organizational cybersecurity risk discussions. Key activities include: Define and communicate guidance and methods for identifying opportunities and including them in risk discussions (e; Identify stretch goals and document them; Calculate, document, and prioritize positive risks alongside negative risks.

Cross-Framework Mappings

Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

GRC-02

CRI Profile v2.0

GV.RM-07
GV.RM-07.01

ISO/IEC 27001:2022

Mandatory Clause: 6.11
Annex A Controls: None

NICE Framework

OG-WRL-002
OG-WRL-007
OG-WRL-015

SCF

RSK-01.1

SP 800-171 Rev 3

03.11.01

SP 800-53 Rev 5.1.1

PM-09
PM-18
PM-28
PM-30
RA-03

SP 800-53 Rev 5.2.0

PM-09
PM-18
PM-28
PM-30
RA-03

SP 800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
