NIST CSF: ID.RM-1 Subcategory
From NIST's Cyber Security Framework (version 1):
Risk management processes are established, managed, and agreed to by organizational stakeholders
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Contact with authorities (6.1.3)
ISO 27001:2013
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| A2.a | Risk Management Process | Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities. |
| A1.c | Decision-making | You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks. |