Roles and Responsibilities GV.RR
      Back to home
      1. Help Center
      2. Cybersecurity Framework - Govern (GV)
      3. Roles and Responsibilities GV.RR

      What is Roles and Responsibilities GV.RR?

      Cybersecurity roles and responsibilities are coordinated and aligned with all internal and external stakeholders to enable accountability, performance assessment, and continuous improvement (formerly ID.GV-2)

      GV.RR-01:

      Organizational leadership takes responsibility for decisions associated with cybersecurity risks and establishes a culture that is risk-aware, behaves in an ethical manner, and promotes continuous improvement 

       

      GV.RR-02:

      Roles and responsibilities related to cybersecurity risk management are established and communicated (formerly ID.GV-2, ID.AM-6, and DE.DP1)  

       

      GV.RR-03:

      Roles and responsibilities for customers, partners, and other third-party stakeholders are established and communicated (formerly ID.AM-6) 

       

      GV.RR-04:

      Roles and responsibilities for suppliers are established, documented in contractual language, and communicated (formerly ID.AM-6) 

       

      GV.RR-05:

      Lines of communication across the organization are established for cybersecurity risks, including supply chain risks

       

      GV.RR-06:

      Resourcing and authorities for cybersecurity are decided commensurate with risk strategy, roles, and policies

       

      GV.RR-07:  

      Cybersecurity is included in human resources practices (e.g., training, deprovisioning, personnel screening) (formerly PR.IP-11)