ID.GV: Governance
Description
The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
Framework Subcategories
ID.GV-1: Organizational cybersecurity policy is established and communicated
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.GV-2: Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.GV-4: Governance and risk management processes address cybersecurity risks
[csf.tools Note: Subcategories do not have detailed descriptions.]