Cybersecurity & Data Protection Governance
Mechanisms exist to facilitate the implementation of cybersecurity & data protection governance controls.
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Level N/A
Mechanisms exist to coordinate cybersecurity, data protection and business alignment through a steering committee or advisory board, comprised of key cybersecurity, data privacy and business executives, which meets formally and on a regular basis.
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Level N/A
Mechanisms exist to provide governance oversight reporting and recommendations to those entrusted to make executive decisions about matters considered material to the organization’s cybersecurity & data protection program.
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Mechanisms exist to establish, maintain and disseminate cybersecurity & data protection policies, standards and procedures.
Parent
Compliance Framework
Secure Controls Framework 2023.4
Control Number
GOV-02
Related
Compliance Framework
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
ISO 27002:2022
ISO 27002:2022
ISO 27002:2022
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST CSF v1.1
CERT RMM v1.2
CERT RMM v1.2
Control Number
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Level N/A
Mechanisms exist to prohibit exceptions to standards, except when the exception has been formally assessed for risk impact, approved and recorded.
Parent
Compliance Framework
Secure Controls Framework 2023.4
Control Number
GOV-02.1
Related
Compliance Framework
Control Number
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Mechanisms exist to review the cybersecurity & data privacy program, including policies, standards and procedures, at planned intervals or if significant changes occur to ensure their continuing suitability, adequacy and effectiveness.
Parent
Compliance Framework
Secure Controls Framework 2023.4
Control Number
GOV-03
Related
Compliance Framework
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
ISO 27002:2022
ISO 27002:2022
ISO 27002:2022
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
Control Number
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Mechanisms exist to assign one or more qualified individuals with the mission and resources to centrally-manage, coordinate, develop, implement and maintain an enterprise-wide cybersecurity & data protection program.
Parent
Compliance Framework
Secure Controls Framework 2023.4
Control Number
GOV-04
Related
Compliance Framework
CCM v4.0.10
CCM v4.0.10
ISO 27002:2022
ISO 27002:2022
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST 800-53 Rev 5
NIST CSF v1.1
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
SEC Regulation S-K 17.2.229 v2024.01.02
SEC Regulation S-K 17.2.229 v2024.01.02
SEC Regulation S-K 17.2.229 v2024.01.02
SEC Regulation S-K 17.2.229 v2024.01.02
SEC Regulation S-K 17.2.229 v2024.01.02
SEC Regulation S-K 17.2.229 v2024.01.02
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Level N/A
Mechanisms exist to enforce an accountability structure so that appropriate teams and individuals are empowered, responsible and trained for mapping, measuring and managing data and technology-related risks.
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Level N/A
Mechanisms exist to establish an authoritative chain of command with clear lines of communication to remove ambiguity from individuals and teams related to managing data and technology-related risks.
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
Cybersecurity & Data Protection Governance
Level N/A
Mechanisms exist to develop, report and monitor cybersecurity & data privacy program measures of performance.
Parent
Compliance Framework
Secure Controls Framework 2023.4
Control Number
GOV-05
Related
Compliance Framework
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
CCM v4.0.10
NIST 800-53 Rev 5
NIST CSF v1.1
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
CERT RMM v1.2
Create new POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Create new Exception
When a controller is not technically or procedurally relevant to the organization, set control status to "Not Applicable" and document the justification using an Exception.
Assign to POAM
A POAM must have at least one milestone and assigned to at least one Framework control.
Assign to Exception
Select the Exception that you want to assign to this control
