reporting Controls

Cybersecurity risk management activities and outcomes are included in enterprise risk management processes

Control deficiencies are identified, evaluated, and communicated