GV.RR-01—Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving
Control Description
This roles, responsibilities, and authorities subcategory ensures that organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving. Key activities include:
Leaders (e
Share leaders’ expectations regarding a secure and ethical culture, especially when current events present the opportunity to highlight positive or...
Leaders direct the CISO to maintain a comprehensive cybersecurity risk strategy and review and update it at least annually and after major events.
Cross-Framework Mappings
NIST SP 800-53 r5 (via NIST CSF 2.0 Concept Crosswalk)
PCI DSS v4.0.1 (via NIST OLIR Catalog)
ISO 27001:2022 (via NIST OLIR Catalog)
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCM v4.0: HRS-09, HRS-13
CIS Controls v8.0: 14.1
CIS Controls v8.1: 14.1
CRI Profile v2.0: GV.RR-01, GV.RR-01.01, GV.RR-01.02, GV.RR-01.03, GV.RR-01.04, GV.RR-01.05
CoP: A2, C1, E3
ISO/IEC 27001:2022: Mandatory Clause 7.2; Annex A Controls 5.4
NICE Framework: OG-WRL-002, OG-WRL-003, OG-WRL-007, OG-WRL-010
PCI DSS: 12.1.4, 12.6.1, 6.2.2, 12.10.6, 12.1.3
SCF: GOV-01, GOV-04, RSK-01
SP 800-218: PO.2.3
SP 800-53 Rev 5.1.1: PM-02, PM-19, PM-23, PM-24, PM-29
SP 800-53 Rev 5.2.0: PM-02, PM-19, PM-23, PM-24, PM-29
SP 800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles