What are Policies and Procedures (GV.PO)?

Organizational cybersecurity policies, processes, and procedures are established and communicated (formerly ID.GV-1)

GV.PO-01: Policies, processes, and procedures for managing cybersecurity risks are established based on organizational context, risk management strategy, and priorities and are communicated (formerly ID.GV-1)

 

GV.PO-02:

The same policies used internally are applied to suppliers

 

GV.PO-03:

Policies and procedures are reviewed, updated, and communicated to reflect changes in requirements, threats, technology, and organizational mission