GV.OV-02: The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks

Info icon.

Subcategory is new to this version of the framework.


[csf.tools Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Review audit findings to confirm whether the existing cybersecurity strategy has ensured compliance with internal and external requirements

Ex2: Review the performance oversight of those in cybersecurity-related roles to determine whether policy changes are necessary

Ex3: Review strategy in light of cybersecurity incidents