Develop instructions for setting organizational objectives and strategies.


CONTROL ID
12931
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Analyze organizational objectives, functions, and activities., CC ID: 00598

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Key figures always can be interpreted differently; thus, it is important to clarify in advance the objective of the measurements and how and with which efforts this should be achieved. Then, measuring against such objective can be performed. (§ 10.1.1 ¶ 4, BSI-Standard 200-2 IT-Grundschutz Methodology, Version 1.0)
  • Develop instructions that limit and guide management as it sets detailed objectives and strategies. (OCEG GRC Capability Model, v. 3.0, A1.4 Define Management Boundaries, OCEG GRC Capability Model, v 3.0)
  • which of these needs and expectations become its compliance obligations. (§ 4.2 ¶ 1 c), ISO 14001:2015 - Environmental management systems — Requirements with guidance for use, Third Edition)
  • provides a framework for setting compliance objectives; (§ 5.2.1 ¶ 1 Bullet 2, ISO 19600:2014, Compliance Management Systems - Guidelines, 2014-12-15, Reviewed and confirmed in 2018)
  • provides a framework for setting compliance objectives; (§ 5.2 ¶ 1 b), ISO 37301:2021 Compliance management systems — Requirements with guidance for use, First Edition, Edition 1)
  • provides a framework for setting compliance objectives; (§ 5.2 ¶ 1 b), ISO/DIS 37301, Compliance management systems — Requirements with guidance for use, DRAFT)
  • Provides a credible challenge to management decisions. (App A Objective 2:3 b., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Provide target recommendations which meet leadership objectives. (T0797, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Provide subject matter expertise to the development of a common operational picture. (T0583, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Provide operations and reengagement recommendations. (T0794, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Provide subject matter expertise to the development of a common operational picture. (T0583, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Provide operations and reengagement recommendations. (T0794, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)