NIST CSF 2.0 · All Functions · GV Govern

GV.RR — Roles, Responsibilities, and Authorities

Cybersecurity roles, responsibilities, and authorities to foster accountability, performance assessment, and continuous improvement are established and communicated

GV.RR-01

Organizational leadership is responsible and accountable for cybersecurity risk and fosters a culture that is risk-aware, ethical, and continually improving

4 implementation example(s) · 5 mapped NIST 800-53 control(s)

GV.RR-02

Roles, responsibilities, and authorities related to cybersecurity risk management are established, communicated, understood, and enforced

5 implementation example(s) · 6 mapped NIST 800-53 control(s)

GV.RR-03

Adequate resources are allocated commensurate with the cybersecurity risk strategy, roles, responsibilities, and policies

3 implementation example(s) · 1 mapped NIST 800-53 control(s)

GV.RR-04

Cybersecurity is included in human resources practices

4 implementation example(s) · 4 mapped NIST 800-53 control(s)

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).