NIST CSF: ID.GV-3 Subcategory
From NIST's Cyber Security Framework (version 1):
Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Privacy and protection of personally identifiable information (18.1.4), ISO 27001:2013
- Intellectual property rights (18.1.2), ISO 27001:2013
- Regulation of cryptographic controls (18.1.5), ISO 27001:2013
- Protection of records (18.1.3), ISO 27001:2013
- Identification of applicable legislation and contractual requirements (18.1.1), ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
- Monitor and evaluate applicable legislation relevant to cyber security (4.4.3.7), ISA/IEC 62443-2-1:2009
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
Control ID | Name | Description |
---|---|---|
B1.b | Policy and Process Implementation | You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved. |
B1.a | Policy and Process Development | You have developed and continue to improve a set of cyber security and resilience policies and processes that manage and mitigate the risk of adverse impact on the essential function. |