NIST CSF: ID.GV-2 Subcategory

From NIST's Cyber Security Framework (version 1):

Cybersecurity roles and responsibilities are coordinated and aligned with internal roles and external partners

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
PS-7: External Personnel Security
PM-2: Information Security Program Leadership Role
PM-1: Information Security Program Plan

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Information security policy for supplier relationships (15.1.1)
    ISO 27001:2013
  • Management responsibilities (7.2.1)
    ISO 27001:2013
  • Information security roles and responsibilities (6.1.1)
    ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Define the organisational responsibilities (4.3.2.3.3)
    ISA/IEC 62443-2-1:2009

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
A1.b Roles and Responsibilities Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks.
D1.a Response Plan You have an up-to-date incident response plan that is grounded in a thorough risk assessment that takes account of your essential function and covers a range of incident scenarios.
B1.b Policy and Process Implementation You have successfully implemented your security policies and processes and can demonstrate the security benefits achieved.
A4.a Supply Chain The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used.
B6.a Cyber Security Culture You develop and pursue a positive cyber security culture.
A1.c Decision-making You have senior-level accountability for the security of networks and information systems, and delegate decision-making authority appropriately and effectively. Risks to network and information systems related to the operation of essential functions are considered in the context of other organisational risks.