NIST CSF: ID.GV-4 Subcategory

From NIST's Cyber Security Framework (version 1):

Governance and risk management processes address cybersecurity risks

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
SA-2: Allocation of Resources
PM-3: Information Security and Privacy Resources
PM-10: Authorization Process
PM-7: Enterprise Architecture
PM-9: Risk Management Strategy
PM-11: Mission and Business Process Definition

Showing 1 to 6 of 6 entries

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Conduct a detailed risk assessment (4.2.3.9)
ISA/IEC 62443-2-1:2009
Provide training for support personnel (4.3.2.4.3)
ISA/IEC 62443-2-1:2009
Integrate physical, HSE and cyber security risk assessments (4.2.3.11)
ISA/IEC 62443-2-1:2009
Conduct a high-level risk assessment (4.2.3.3)
ISA/IEC 62443-2-1:2009
Select a risk assessment methodology (4.2.3.1)
ISA/IEC 62443-2-1:2009
Maintain consistency between risk management systems (4.3.2.6.3)
ISA/IEC 62443-2-1:2009
Identify a detailed risk assessment methodology (4.2.3.8)
ISA/IEC 62443-2-1:2009

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
A2.a	Risk Management Process	Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.
A1.c	Decision-making	You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.
A2.b	Assurance	You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.
A1.b	Roles and Responsibilities	Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.
A1.a	Board Direction	You have effective organisational security management led at board level and articulated clearly in corresponding policies.

Showing 1 to 5 of 5 entries

NIST CSF: ID.GV-4 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISA/IEC 62443 Controls

Conduct a detailed risk assessment (4.2.3.9)

Provide training for support personnel (4.3.2.4.3)

Integrate physical, HSE and cyber security risk assessments (4.2.3.11)

Conduct a high-level risk assessment (4.2.3.3)

Select a risk assessment methodology (4.2.3.1)

Maintain consistency between risk management systems (4.3.2.6.3)

Identify a detailed risk assessment methodology (4.2.3.8)

CSF Mapped to the NCSC CAF