GV.RR-02—Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced
Control Description
This subcategory ensures that roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced. Key activities include: Document risk management roles and responsibilities in policy; Document who is responsible and accountable for cybersecurity risk management activities and how those teams and individuals are to be consulted an...; Include cybersecurity responsibilities and performance requirements in personnel descriptions.
Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
PCI DSS v4.0.1
via NIST OLIR Catalog
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
CEK-02
GRC-06
HRS-02
HRS-03
HRS-06
HRS-08
HRS-09
HRS-13
+4 more
CIS Controls v8.0
14.9
CIS Controls v8.1
14.9
CRI Profile v2.0
GV.RR-02
GV.RR-02.01
GV.RR-02.02
GV.RR-02.03
GV.RR-02.04
GV.RR-02.05
GV.RR-02.06
GV.RR-02.07
CSF v1.1
ID.AM-6
ID.GV-2
DE.DP-1
CoP
B4
E1
E2
ISO/IEC 27001:2022
Mandatory Clause: 7.2
Annex A Controls: None
NICE Framework
OG-WRL-002
OG-WRL-003
OG-WRL-007
OG-WRL-010
PCI DSS
1.1.2
2.1.2
3.1.2
4.1.2
5.1.2
6.1.2
7.1.2
8.1.2
+4 more
SCF
GOV-04
HRS-02
HRS-03
TPM-05.4
SP 800-218
PO.2.1
SP 800-221A
GV.RR-1
GV.RR-2
GV.OV-2
SP 800-53 Rev 5.1.1
PM-02
PM-13
PM-19
PM-23
PM-24
PM-29
SP 800-53 Rev 5.2.0
PM-02
PM-13
PM-19
PM-23
PM-24
PM-29
SP 800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles