GV.RM-P2: Organizational risk tolerance is determined and clearly expressed

CSF v1.1 References:

Description

[csf.tools Note: Subcategories do not have detailed descriptions.]

Note: This Privacy Framework Subcategory is identical to the Cybersecurity Framework Subcategory.

Related Controls

NIST Special Publication 800-53 Revision 5

PM-9: Risk Management Strategy

Develops a comprehensive strategy to manage: Security risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of organizational systems; and Privacy risk to individuals resulting from the authorized processing of personally identifiable information; Implement the risk management strategy consistently across the organization; and Review and updateā€¦

Cloud Controls Matrix v3.0.1

GRM-11: Risk Management Framework

Risks shall be mitigated to an acceptable level. Acceptance levels based on risk criteria shall be established and documented in accordance with reasonable resolution time frames and stakeholder approval.

NIST Special Publication 800-53 Revision 4

PM-9: Risk Management Strategy

The organization: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems; Implements the risk management strategy consistently across the organization; and Reviews and updates the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizationalā€¦