|
GV.OC-02.1: The organisation shall demonstrate it understands and considers the needs and expectations of both internal and external stakeholders regarding information and cybersecurity risk management.
|
http://cyfun.data.gift/data/requirement_GV_OC_02_1
|
17 |
|
GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered
|
http://cyfun.data.gift/data/nist_subcategory_GV_OC_02
|
5 |
|
GV.OC-02: Internal and external stakeholders are understood, and their needs and expectations regarding cybersecurity risk management are understood and considered
|
http://cyfun.data.gift/data/subcategory_GV.OC-02
|
13 |
|
GV.OC-03.1: Legal and regulatory requirements regarding information and cybersecurity shall be identified and implemented.
|
http://cyfun.data.gift/data/requirement_GV_OC_03_1
|
21 |
|
GV.OC-03.2: Legal, regulatory, and contractual obligations related to information and cyber- security shall be continuously managed to ensure they remain accurate, up to date, and effectively applied.
|
http://cyfun.data.gift/data/requirement_GV_OC_03_2
|
19 |
|
GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity - including privacy and civil liberties obligations - are understood and managed
|
http://cyfun.data.gift/data/nist_subcategory_GV_OC_03
|
5 |
|
GV.OC-03: Legal, regulatory, and contractual requirements regarding cybersecurity are understood 6 and managed
|
http://cyfun.data.gift/data/subcategory_GV.OC-03
|
19 |
|
GV.OC-04.1: The organisation shall identify, document, and communicate the critical objectives, capabilities, and services relied upon by external stakeholders, prioritise them based on criticality, and integrate this prioritisation into the risk assessment process
|
http://cyfun.data.gift/data/requirement_GV_OC_04_1
|
19 |
|
GV.OC-04.2: The organisation shall define and document cybersecurity requirements for essential operations, validate them through testing and audits, maintain records of results and corrective actions, and regularly update requirements based on evolving risks
|
http://cyfun.data.gift/data/requirement_GV_OC_04_2
|
19 |
|
GV.OC-04.3: Redundancy shall be implemented to meet availability requirements as defined by the organisation, legislation and/or regulations
|
http://cyfun.data.gift/data/requirement_GV_OC_04_3
|
18 |
|
GV.OC-04.4: Recovery time and recovery point objectives for the resumption of essential ICT/ OT system processes shall be defined and monitored.
|
http://cyfun.data.gift/data/requirement_GV_OC_04_4
|
17 |
|
GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated
|
http://cyfun.data.gift/data/nist_subcategory_GV_OC_04
|
5 |