ID.GV-1
Organizational cybersecurity policy is established and communicated
Identify · Governance
Manual Attestation
Compliance Score
30%
Non-Compliant
Documentation Maturity
2 / 5
Target: 2.5
Implementation Maturity
2 / 5
Target: 2.5
Control Description
A cybersecurity policy exists that defines roles, responsibilities, and expected behavior. The policy is communicated to all employees and reviewed regularly.
Findings (1)
0/1 items compliant
| Severity | Finding | Recommendation |
|---|---|---|
| high | Improvement needed: Organizational cybersecurity policy is established and communicated. Current implementation does not fully meet the requirements of ID.GV-1. | Draft a cybersecurity policy covering acceptable use, password requirements, incident reporting, and data handling. Have management approve it. Distribute to all employees and obtain acknowledgment. Review annually. |
Remediation Guidance
Draft a cybersecurity policy covering acceptable use, password requirements, incident reporting, and data handling. Have management approve it. Distribute to all employees and obtain acknowledgment. Review annually.