GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction

Info icon.

Subcategory is new to this version of the framework.


[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Measure how well the risk management strategy and risk results have helped leaders make decisions and achieve organizational objectives

Ex2: Examine whether cybersecurity risk strategies that impede operations or innovation should be adjusted