Description
Incorporate security and privacy roles and responsibilities into organizational position descriptions.
Supplemental Guidance
Specifying security and privacy roles in individual organizational position descriptions makes clear both the security and privacy responsibilities attached to each role and the role-based security and privacy training those responsibilities require.
Changes from Rev 4
New control in Rev 5.
Compliance Mappings
ISO 27001:2022
5.3, A.5.2, A.6.2
ISO 27002:2022
5.2, 6.2
COBIT 2019
APO07
NIST CSF 2.0
GV.RR-02, GV.RR-04
SOC 2 TSC
CC1.4, CC1.5
CSA CCM v4
HRS-10
CSA AICM v1
HRS-10
ISO 42001:2023
A.2.3, A.3.2
NIS2 Directive
Art. 21(2)(i)
MAS TRM
3
APRA CPS 234
Para 16-17, Para 18
BSI IT-Grundschutz
OPS.1.1.2, ORP.2
ANSSI
Hygiene.11, Hygiene.4, Hygiene.7, SecNumCloud.8.1
FINMA Circular 2023/1
IV.B.a(48), IV.B.d(60)
OSFI B-13
B-13.1.1
EU GDPR
Art.29, Art.32(4), Art.37(1), Art.39(1)
EU DORA
Art.5(4)
BIO2
5.2, 6.2
RBI CSF
ITGRCA.8, ITGRCA.24
FISC Security Guidelines
FISC.O8
LGPD + BCB 4893
BCB.Art.17, BCB.Art.17-Supp, LGPD.Art.41, LGPD.Art.47
HKMA TM-E-1
TME1.2.1, TME1.2.4
SAMA CSF
1.1, 1.5, 1.7
NCA ECC
1-4, 1-9
UAE IA
T1, T5
CBB TM
TM-1
Qatar NIA
GVHR
CBUAE
CR-1
CBE CSF
GOV-1, GOV-2
SA JS2
JS2-4
CBN CSF
Part1.1, Part1.2
BoG CISD
CISD-II, CISD-XV
POPIA
s55, s56
BoM CTRM
1.1, 1.2
IOSCO Cyber Resilience
GOV-4
CPMI-IOSCO PFMI
CG.GOV
FFIEC IS
II.C.7, II.C.7(a)
ECB CROE
CROE.2.1.2
SEBI CSCRF
GV.RR
BOT Cyber Resilience
Ch1.1, Ch7.2
CMMC 2.0
PS
Solvency II
Art.42, DR.258
Lloyd's Minimum Standards
CRM.1, GOV.1, MS8.1
PRA SS1/23
P2.4
FCA SYSC 13
SYSC 13.6.1, SYSC 13.6.3, SYSC 13.G.1
ISO 27799
6.1, 6.2
NHS DSPT
NDG-1.2
MiCA
Art.34(1), Art.54(1)