
GV.RR-03: Adequate resources are allocated commensurate with the cybersecurity risk strategy, roles, responsibilities, and policies

Control Description

This roles, responsibilities, and authorities subcategory ensures that adequate resources are allocated commensurate with the cybersecurity risk strategy, roles, responsibilities, and policies. Key activities include: Conduct periodic management reviews to ensure that those given cybersecurity risk management responsibilities have the necessary authority; Identify resource allocation and investment in line with risk tolerance and response; Provide adequate and sufficient people, process, and technical resources to support the cybersecurity strategy.

Cross-Framework Mappings

Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CRI Profile v2.0

GV.RR-03
GV.RR-03.01
GV.RR-03.02
GV.RR-03.03

CSF v1.1

ID.RM-1

CoP

B3

ISO/IEC 27001:2022

Mandatory Clause: 7.1, 7.2
Annex A Controls:

NICE Framework

OG-WRL-002
OG-WRL-003
OG-WRL-007
OG-WRL-010

PCI DSS

12.1.4
12.10.3

SCF

PRM-01
PRM-02
PRM-03

SP 800-221A

GV.RR-2

SP 800-53 Rev 5.1.1

PM-03

SP 800-53 Rev 5.2.0

PM-03

SP 800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
