CAF Outcome A1.a: Board Direction
From the UK NCSC's Cyber Assessment Framework (version 3.1):
You have effective organisational security management led at board level and articulated clearly in corresponding policies.
NCSC CAF Mapped to NIST CSF
A1.a: Board Direction to CSF mappings generated from UK Cabinet Office table.
Control ID | Description |
---|---|
ID.GV-1 | Organizational cybersecurity policy is established and communicated |
ID.RM-2 | Organizational risk tolerance is determined and clearly expressed |
ID.BE-3 | Priorities for organizational mission, objectives, and activities are established and communicated |
ID.GV-4 | Governance and risk management processes address cybersecurity risks |
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.
- Establish the security organisation (4.3.2.3.2), ISA/IEC 62443-2-1:2009
- Define the stakeholder team management (4.3.2.3.4), ISA/IEC 62443-2-1:2009
- Demonstrate senior leadership support for cyber security (4.3.2.6.8), ISA/IEC 62443-2-1:2009
- Obtain senior management support (4.3.2.3.1), ISA/IEC 62443-2-1:2009
Related SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.