GV.RR-04—Cybersecurity is included in human resources practices
Control Description
This roles, responsibilities, and authorities subcategory ensures that cybersecurity is included in human resources practices. Key activities include:
Integrate cybersecurity risk management considerations into human resources processes (e
Consider cybersecurity knowledge to be a positive factor in hiring, training, and retention decisions
Conduct background checks prior to onboarding new personnel for sensitive roles, and periodically repeat background checks for personnel with such ....
Cross-Framework Mappings
ISO 27001:2022 (via NIST OLIR Catalog)
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
HRS-01
HRS-05
HRS-06
HRS-07
HRS-08
HRS-10
IAM-07
CIS Controls v8.0
6.1
6.2
CIS Controls v8.1
6.1
6.2
CRI Profile v2.0
GV.RR-04
GV.RR-04.01
GV.RR-04.02
GV.RR-04.03
CSF v1.1
PR.IP-11
CoP
C1
ISO/IEC 27001:2022
Mandatory Clause: 7.3
Annex A Controls: 6.1
Annex A Controls: 6.2
Annex A Controls: 6.3
Annex A Controls: 6.4
Annex A Controls: 6.5
Annex A Controls: 6.6
Annex A Controls: 6.7
+1 more
NICE Framework
OG-WRL-002
OG-WRL-003
OG-WRL-010
PCI DSS
12.7.1
12.6.3
7.2.2
8.2.5
9.3.1.1
SCF
HRS-01
SP 800-171 Rev 3
03.15.01
SP 800-53 Rev 5.1.1
PM-13
PS-01
PS-07
PS-09
SP 800-53 Rev 5.2.0
PM-13
PS-01
PS-07
PS-09
SP 800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy