NIST CSF 2.0 · All Functions · GV Govern · GV.OV Oversight

GV.OV-01

Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction

Implementation examples

Ex1: Measure how well the risk management strategy and risk results have helped leaders make decisions and achieve organizational objectives
Ex2: Examine whether cybersecurity risk strategies that impede operations or innovation should be adjusted

Mapped NIST 800-53 r5 controls (26)

AC-01 AT-01 AU-01 CA-01 CM-01 CP-01 IA-01 IR-01 MA-01 MP-01 PE-01 PL-01 PM-01 PM-09 PM-18 PM-30 PM-31 PS-01 PT-01 RA-01 RA-07 SA-01 SC-01 SI-01 SR-01 SR-06

All informative references (86)

CRI Profile v2.0: GV.OV-01
CRI Profile v2.0: GV.OV-01.01
CRI Profile v2.0: GV.OV-01.02
CRI Profile v2.0: GV.OV-01.03
CoP: E1
ISO/IEC 27001:2022: Mandatory Clause: 9.1
ISO/IEC 27001:2022: Annex A Controls: 5.1
ISO/IEC 27001:2022: Annex A Controls: 5.19
NICE Framework: OG-WRL-002
NICE Framework: OG-WRL-007
NICE Framework: OG-WRL-016
PCI DSS: 12.3.1
PCI DSS: 12.10.6
PCI DSS: 12.10.2
PCI DSS: 12.4.2
PCI DSS: 12.4.2.1
PCI DSS: 10.7.1
PCI DSS: 10.7.2
SCF: GOV-05
SCF: GOV-03
SDOS: SDOS-AU-01
SDOS: SDOS-RS-01
SP 800-171 Rev 3: 03.11.01
SP 800-171 Rev 3: 03.11.04
SP 800-171 Rev 3: 03.15.01
SP 800-221A: GV.AD-3
SP 800-53 Rev 5.1.1: AC-01
SP 800-53 Rev 5.1.1: AT-01
SP 800-53 Rev 5.1.1: AU-01
SP 800-53 Rev 5.1.1: CA-01
SP 800-53 Rev 5.1.1: CM-01
SP 800-53 Rev 5.1.1: CP-01
SP 800-53 Rev 5.1.1: IA-01
SP 800-53 Rev 5.1.1: IR-01
SP 800-53 Rev 5.1.1: MA-01
SP 800-53 Rev 5.1.1: MP-01
SP 800-53 Rev 5.1.1: PE-01
SP 800-53 Rev 5.1.1: PL-01
SP 800-53 Rev 5.1.1: PM-01
SP 800-53 Rev 5.1.1: PS-01
SP 800-53 Rev 5.1.1: PT-01
SP 800-53 Rev 5.1.1: RA-01
SP 800-53 Rev 5.1.1: SA-01
SP 800-53 Rev 5.1.1: SC-01
SP 800-53 Rev 5.1.1: SI-01
SP 800-53 Rev 5.1.1: SR-01
SP 800-53 Rev 5.1.1: PM-09
SP 800-53 Rev 5.1.1: PM-18
SP 800-53 Rev 5.1.1: PM-30
SP 800-53 Rev 5.1.1: PM-31
SP 800-53 Rev 5.1.1: RA-07
SP 800-53 Rev 5.1.1: SR-06
SP 800-53 Rev 5.2.0: AC-01
SP 800-53 Rev 5.2.0: AT-01
SP 800-53 Rev 5.2.0: AU-01
SP 800-53 Rev 5.2.0: CA-01
SP 800-53 Rev 5.2.0: CM-01
SP 800-53 Rev 5.2.0: CP-01
SP 800-53 Rev 5.2.0: IA-01
SP 800-53 Rev 5.2.0: IR-01
SP 800-53 Rev 5.2.0: MA-01
SP 800-53 Rev 5.2.0: MP-01
SP 800-53 Rev 5.2.0: PE-01
SP 800-53 Rev 5.2.0: PL-01
SP 800-53 Rev 5.2.0: PM-01
SP 800-53 Rev 5.2.0: PS-01
SP 800-53 Rev 5.2.0: PT-01
SP 800-53 Rev 5.2.0: RA-01
SP 800-53 Rev 5.2.0: SA-01
SP 800-53 Rev 5.2.0: SC-01
SP 800-53 Rev 5.2.0: SI-01
SP 800-53 Rev 5.2.0: SR-01
SP 800-53 Rev 5.2.0: PM-09
SP 800-53 Rev 5.2.0: PM-18
SP 800-53 Rev 5.2.0: PM-30
SP 800-53 Rev 5.2.0: PM-31
SP 800-53 Rev 5.2.0: RA-07
SP 800-53 Rev 5.2.0: SR-06
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
SP-800-37 Rev 2: RMF Select Step: TASK S-5 Continuous Monitoring Strategy— System
SP-800-37 Rev 2: RMF Authorize Step: TASK R-3 Risk Response
SP-800-37 Rev 2: RMF Monitor Step: TASK M-2 Ongoing Assessments
SP-800-37 Rev 2: RMF Monitor Step: TASK M-3 Ongoing Risk Response

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).