Objectives of Governance
The policies, procedures, and processes to manage and monitor the organization’s regulatory, legal, risk, environmental, and operational requirements are understood and inform the management of cybersecurity risk.
- ID.GV-1: Organizational information security policy is established
- ID.GV-2: Information security roles & responsibilities are coordinated and aligned with internal roles and external partners
- ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
- ID.GV-4: Governance and risk management processes address cybersecurity risks