GOV — Cybersecurity & Data Protection Governance
38 controls in the Cybersecurity & Data Protection Governance domain
GOV-01Cybersecurity & Data Protection Governance Program
GOV-01.1Steering Committee & Program Oversight
GOV-01.2Status Reporting To Governing Body
GOV-01.3Commitment To Continual Improvements
GOV-02Publishing Cybersecurity & Data Protection Documentation
GOV-02.1Exception Management
GOV-03Periodic Review & Update of Cybersecurity & Data Protection Program
GOV-04Assigned Cybersecurity & Data Protection Responsibilities
GOV-04.1Stakeholder Accountability Structure
GOV-04.2Authoritative Chain of Command
GOV-05Measures of Performance
GOV-05.1Key Performance Indicators (KPIs)
GOV-05.2Key Risk Indicators (KRIs)
GOV-06Contacts With Authorities
GOV-07Contacts With Groups & Associations
GOV-08Defining Business Context & Mission
GOV-09Define Control Objectives
GOV-10Data Governance
GOV-11Purpose Validation
GOV-12Forced Technology Transfer (FTT)
GOV-13State-Sponsored Espionage
GOV-14Business As Usual (BAU) Secure Practices
GOV-15Operationalizing Cybersecurity & Data Protection Practices
GOV-15.1Select Controls
GOV-15.2Implement Controls
GOV-15.3Assess Controls
GOV-15.4Authorize Technology Assets, Applications and/or Services (TAAS)
GOV-15.5Monitor Controls
GOV-16Materiality Determination
GOV-16.1Material Risks
GOV-16.2Material Threats
GOV-17Cybersecurity & Data Protection Status Reporting
GOV-18Quality Management System (QMS)
GOV-19Assurance
GOV-19.1Assurance Levels (AL)
GOV-19.2Assessment Objectives (AO)
GOV-20Mergers, Acquisitions & Divestitures (MA&D)
GOV-20.1Virtual Data Room (VDR)