NIST CSF 2.0 · All Functions · GV Govern · GV.OV Oversight

GV.OV-02

Implementation examples

• Ex1: Review audit findings to confirm whether the existing cybersecurity strategy has ensured compliance with internal and external requirements
• Ex2: Review the performance oversight of those in cybersecurity-related roles to determine whether policy changes are necessary
• Ex3: Review strategy in light of cybersecurity incidents

Mapped NIST 800-53 r5 controls (6)

All informative references (43)

• CRI Profile v2.0: GV.OV-02
• CRI Profile v2.0: GV.OV-02.01
• CRI Profile v2.0: GV.OV-02.02
• CoP: E1
• Guardian-SDK: GS-PO-02
• ISO/IEC 27001:2022: Mandatory Clause: 9.1
• ISO/IEC 27001:2022: Annex A Controls: 5.1
• ISO/IEC 27001:2022: Annex A Controls: 5.19
• NICE Framework: OG-WRL-002
• NICE Framework: OG-WRL-007
• PCI DSS: 12.10.6
• PCI DSS: 12.10.2
• PCI DSS: 12.4.2
• PCI DSS: 12.4.2.1
• PCI DSS: 12.5.3
• PCI DSS: 12.8.4
• PCI DSS: 10.7.1
• PCI DSS: 10.7.2
• PCI DSS: 11.4.4
• PCI DSS: 12.3.4
• PCI DSS: 12.5.2
• SCF: GOV-03
• SCF: RSK-01
• SDOS: SDOS-AU-01
• SDOS: SDOS-RS-01
• SP 800-171 Rev 3: 03.11.01
• SP 800-171 Rev 3: 03.11.04
• SP 800-221A: GV.AD-2
• SP 800-221A: GV.AD-3
• SP 800-221A: MA.RM-8
• SP 800-53 Rev 5.1.1: PM-09
• SP 800-53 Rev 5.1.1: PM-19
• SP 800-53 Rev 5.1.1: PM-30
• SP 800-53 Rev 5.1.1: PM-31
• SP 800-53 Rev 5.1.1: RA-07
• SP 800-53 Rev 5.1.1: SR-06
• SP 800-53 Rev 5.2.0: PM-09
• SP 800-53 Rev 5.2.0: PM-19
• SP 800-53 Rev 5.2.0: PM-30
• SP 800-53 Rev 5.2.0: PM-31
• SP 800-53 Rev 5.2.0: RA-07
• SP 800-53 Rev 5.2.0: SR-06
• SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).