A Cybersecurity Strategy Must Be Defined, Documented And Approved. It Must Be Supported By The Head Of The Organization Or His/her Delegate (referred To In This Document As Authorizing Official). The Strategy Goals Must Be In-line With Related Laws And Regulations.

A Roadmap Must Be Executed To Implement The Cybersecurity Strategy.

The Cybersecurity Strategy Must Be Reviewed Periodically According To Planned Intervals Or Upon Changes To Related Laws And Regulations.