CAF Outcome A1.b: Roles and Responsibilities

From the UK NCSC's Cyber Assessment Framework (version 3.1):

Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

NCSC CAF Mapped to NIST CSF

A1.b: Roles and Responsibilities to CSF mappings generated from UK Cabinet Office table.

Search:

Control ID	Description
ID.GV-2	Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners
PR.AT-5	Physical and cybersecurity personnel understand their roles and responsibilities
DE.DP-1	Roles and responsibilities for detection are well defined to ensure accountability
PR.AT-3	Third-party stakeholders (e.g., suppliers, customers, partners) understand their roles and responsibilities
ID.GV-4	Governance and risk management processes address cybersecurity risks
PR.AT-1	All users are informed and trained
RS.CO-1	Personnel know their roles and order of operations when a response is needed
PR.AT-2	Privileged users understand their roles and responsibilities
ID.AM-6	Cybersecurity roles and responsibilities for the entire workforce and third-party stakeholders (e.g., suppliers, customers, partners) are established
PR.AT-4	Senior executives understand their roles and responsibilities

Showing 1 to 10 of 10 entries

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CAF outcome, taken from mappings by Ofgem.

Establish the security organisation (4.3.2.3.2)
ISA/IEC 62443-2-1:2009
Define and communicate specific roles and responsibilities (4.3.2.5.5)
ISA/IEC 62443-2-1:2009
Authorize account access (4.3.3.5.3)
ISA/IEC 62443-2-1:2009
Form a continuity team (4.3.2.5.4)
ISA/IEC 62443-2-1:2009
Define the organisational responsibilities (4.3.2.3.3)
ISA/IEC 62443-2-1:2009
Document and communicate security expectations and responsibilities (4.3.3.2.5)
ISA/IEC 62443-2-1:2009

Related ISO 27001 Controls

Clauses and controls from ISO 27001 (2013) which are related to this CAF outcome, taken from mappings by Ofgem.

Information security roles and responsibilities (6.1.1)
ISO 27001:2013
Responsibilities and procedures (16.1.1)
ISO 27001:2013

Related SP800-53 Controls

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Node
PS-7: External Personnel Security
PM-2: Information Security Program Leadership Role
PM-1: Information Security Program Plan
PM-13: Security and Privacy Workforce
AT-3: Role-based Training
IR-2: Incident Response Training
CA-7: Continuous Monitoring
CA-2: Control Assessments
PM-14: Testing, Training, and Monitoring
SA-16: Developer-provided Training
SA-9: External System Services
SA-2: Allocation of Resources
PM-3: Information Security and Privacy Resources
PM-10: Authorization Process
PM-7: Enterprise Architecture
PM-9: Risk Management Strategy
PM-11: Mission and Business Process Definition
AT-2: Literacy Training and Awareness
CP-2: Contingency Plan
IR-3: Incident Response Testing
IR-8: Incident Response Plan
CP-3: Contingency Training

Showing 1 to 22 of 22 entries

CAF Outcome A1.b: Roles and Responsibilities

Cyber Threat Graph Context

NCSC CAF Mapped to NIST CSF

Related ISA/IEC 62443 Controls

Establish the security organisation (4.3.2.3.2)

Define and communicate specific roles and responsibilities (4.3.2.5.5)

Authorize account access (4.3.3.5.3)

Form a continuity team (4.3.2.5.4)

Define the organisational responsibilities (4.3.2.3.3)

Document and communicate security expectations and responsibilities (4.3.3.2.5)

Related ISO 27001 Controls

Information security roles and responsibilities (6.1.1)

Responsibilities and procedures (16.1.1)

Related SP800-53 Controls