August 31, 2016

Governance (ID.GV)

Objectives of Governance

The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.

  • ID.GV-1: Organizational information security policy is established
  • ID.GV-2: Information security roles & responsibilities are coordinated and aligned with internal roles and external partners
  • ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
  • ID.GV-4: Governance and risk management processes address cybersecurity risks