CAF Outcome A1.c: Decision-making

From the UK NCSC's Cyber Assessment Framework (version 3.1):

You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

A1.c: Decision-making to CSF mappings generated from UK Cabinet Office table.

Search:

Control ID	Description
ID.RM-2	Organizational risk tolerance is determined and clearly expressed
ID.GV-4	Governance and risk management processes address cybersecurity risks
ID.RM-1	Risk management processes are established, managed, and agreed to by organizational stakeholders
ID.GV-2	Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners

Showing 1 to 4 of 4 entries

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Node
PM-9: Risk Management Strategy
SA-2: Allocation of Resources
PM-3: Information Security and Privacy Resources
PM-10: Authorization Process
PM-7: Enterprise Architecture
PM-11: Mission and Business Process Definition
PS-7: External Personnel Security
PM-2: Information Security Program Leadership Role
PM-1: Information Security Program Plan

Showing 1 to 9 of 9 entries