CAF Outcome A1.a: Board Direction

You have effective organisational security management led at board level and articulated clearly in corresponding policies.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

A1.a: Board Direction to CSF mappings generated from UK Cabinet Office table.

Search:

Control ID	Description
ID.GV-1	Organizational cybersecurity policy is established and communicated
ID.RM-2	Organizational risk tolerance is determined and clearly expressed
ID.BE-3	Priorities for organizational mission, objectives, and activities are established and communicated
ID.GV-4	Governance and risk management processes address cybersecurity risks

Showing 1 to 4 of 4 entries

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

Establish the security organisation (4.3.2.3.2)
ISA/IEC 62443-2-1:2009
Define the stakeholder team management (4.3.2.3.4)
ISA/IEC 62443-2-1:2009
Demonstrate senior leadership support for cyber security (4.3.2.6.8)
ISA/IEC 62443-2-1:2009
Obtain senior management support (4.3.2.3.1)
ISA/IEC 62443-2-1:2009

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Node
PM-9: Risk Management Strategy
SA-14: Criticality Analysis
PM-11: Mission and Business Process Definition
SA-2: Allocation of Resources
PM-3: Information Security and Privacy Resources
PM-10: Authorization Process
PM-7: Enterprise Architecture

Showing 1 to 7 of 7 entries