
Align the cybersecurity program strategy with the organization's strategic plan.


CONTROL ID: 14322
CONTROL TYPE: Establish/Maintain Documentation
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a strategic plan. (CC ID: 12784)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The establishment and ongoing development of the IT security risk management framework would normally be directed by an overarching IT security strategy and a supporting program of work. This strategy would typically be aligned with a regulated institution's IT and business strategies, as appropriat… (¶ 24, APRA Prudential Practice Guide 234: Management of security risk in information and information technology, May 2013)
  • CSPs will provide, either as part of their Incident Response Plan or through an Incident Response Plan Addendum, their approach to fulfilling DoD Cyberspace Defense integration requirements. CSPs will make their plan or addendum available to DISA for review and approval as a condition of its PA and … (Section 6.5.1 ¶ 1, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan. (T0445, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization's strategic plan. (T0445, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)