CAF Outcome A1.c: Decision-making
From the UK NCSC's Cyber Assessment Framework (version 3.1):
You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.
NCSC CAF Mapped to NIST CSF
Mappings from A1.c: Decision-making to the NIST CSF, generated from the UK Cabinet Office table.
Control ID | Description |
---|---|
ID.RM-2 | Organizational risk tolerance is determined and clearly expressed |
ID.GV-4 | Governance and risk management processes address cybersecurity risks |
ID.RM-1 | Risk management processes are established, managed, and agreed to by organizational stakeholders |
ID.GV-2 | Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners |
Related SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.