legal
legal Controls
5 controls across 2 frameworks.
CISA CPG
NIST CSF
gv-oc-3
Legal, regulatory, and contractual requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed
Govern / Organizational Context
critical 8h
rc-co-4
Public updates on the incident and ongoing recovery are shared using approved methods and messaging
Recover / Incident Recovery Communication
medium 3h
rs-an-6
Actions performed during an investigation are recorded, and the records' integrity and provenance are preserved
Respond / Incident Analysis
medium 3h
rs-ma-4
Escalate or elevate incidents as needed
Respond / Incident Management
high 2h