GV.OC-01
The organizational mission is understood and informs cybersecurity risk management
Implementation examples
- Ex1: Share the organization's mission (e.g., through vision and mission statements, marketing, and service strategies) to provide a basis for identifying risks that may impede that mission
Mapped NIST 800-53 r5 controls (1)
All informative references (34)
- BXAIOS: Chapter 2 - Unify the Vision
- CCMv4.0: BCR-01
- CCMv4.0: BCR-07
- CRI Profile v2.0: GV.OC-01
- CRI Profile v2.0: GV.OC-01.01
- CSF v1.1: ID.BE-2
- CSF v1.1: ID.BE-3
- CoP: A3
- IRP: IRP-Sec-1
- IRP: IRP-Sec-1
- IRP: IRP-Sec-1
- ISO/IEC 27001:2022: Mandatory Clause: 4.1
- ISO/IEC 27001:2022: Mandatory Clause: 6.1,
- ISO/IEC 27001:2022: Mandatory Clause: 8.1
- ISO/IEC 27001:2022: Mandatory Clause: 8.2
- ISO/IEC 27001:2022: Mandatory Clause: 8.3
- ISO/IEC 27001:2022: Annex A Controls:
- NICE Framework: OG-WRL-002
- NICE Framework: OG-WRL-006
- NICE Framework: OG-WRL-007
- NICE Framework: OG-WRL-010
- NICE Framework: OG-WRL-015
- OWASP Top 10 LLM Applications: LLM06-2025
- OWASP Top 10 LLM Applications: LLM09-2025
- PCI DSS: 12.1.1
- SCF: RSK-01.1
- SCF: TDA-06.2
- SP 800-221A: GV.CT-5
- SP 800-221A: GV.CT-3
- SP 800-53 Rev 5.1.1: PM-11
- SP 800-53 Rev 5.2.0: PM-11
- SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
- SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
- SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-8 Mission or Business Focus
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms.