← NIST CSF 2.0 in plain English

GV.PO-01

Govern / Policy

Policy for managing cybersecurity risks is established based on organizational context, cybersecurity strategy, and priorities and is communicated and enforced.

Think of it likeSetting house rules for safety.

In plain English

The family establishes and communicates safety rules, like locking doors at night, that everyone agrees to follow.