roles Controls

Incident response roles and contacts are designated and current

Cybersecurity roles, responsibilities, and authorities are established and enforced

Organizational structure and authority for security is defined