NIST CSF 2.0 · All Functions · GV Govern

GV.OV — Oversight

Results of organization-wide cybersecurity risk management activities and performance are used to inform, improve, and adjust the risk management strategy

GV.OV-01

Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction

2 implementation example(s) · 26 mapped NIST 800-53 control(s)

GV.OV-02

The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks

3 implementation example(s) · 6 mapped NIST 800-53 control(s)

GV.OV-03

Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed

3 implementation example(s) · 4 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).