NIST CSF 2.0 · All Functions · GV Govern · GV.RM Risk Management Strategy

GV.RM-05

Lines of communication across the organization are established for cybersecurity risks, including risks from suppliers and other third parties

Implementation examples

Ex1: Determine how to update senior executives, directors, and management on the organization's cybersecurity posture at agreed-upon intervals
Ex2: Identify how all departments across the organization - such as management, operations, internal auditors, legal, acquisition, physical security, and HR - will communicate with each other about cybersecurity risks

Mapped NIST 800-53 r5 controls (2)

PM-09 PM-30

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1357→P

All informative references (42)

CCMv4.0: GRC-02
CCMv4.0: STA-01
CCMv4.0: STA-08
CRI Profile v2.0: GV.RM-05
CRI Profile v2.0: GV.RM-05.01
CRI Profile v2.0: GV.RM-05.02
CSF v1.1: ID.SC-1
ISO/IEC 27001:2022: Mandatory Clause: 6.1.1
ISO/IEC 27001:2022: Mandatory Clause: 6.1.3
ISO/IEC 27001:2022: Annex A Controls: 5.1
ISO/IEC 27001:2022: Annex A Controls: 5.19
NICE Framework: DD-WRL-006
NICE Framework: OG-WRL-002
NICE Framework: OG-WRL-003
NICE Framework: OG-WRL-007
NICE Framework: OG-WRL-008
NICE Framework: OG-WRL-009
NICE Framework: OG-WRL-010
NICE Framework: OG-WRL-013
NICE Framework: OG-WRL-014
NICE Framework: OG-WRL-015
PCI DSS: 12.8.2
PCI DSS: 12.8.5
PCI DSS: 12.9.2
PCI DSS: 12.9.1
PCI DSS: 12.8.4
PCI DSS: 12.5.3
PCI DSS: 12.10.1
PCI DSS: 10.7.1
PCI DSS: 10.7.2
SCF: GOV-04
SCF: HRS-03
SCF: TPM-05.4
SP 800-221A: GV.PO-1
SP 800-53 Rev 5.1.1: PM-09
SP 800-53 Rev 5.1.1: PM-30
SP 800-53 Rev 5.2.0: PM-09
SP 800-53 Rev 5.2.0: PM-30
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-1 Risk Management Roles
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-9 System Stakeholders

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).