This policy instrument defines the control objectives for identification, assessment, and management of cybersecurity risks (cyber risk) within the GoA. Cyber risk is managed through risk assessment, threat identification, vulnerability assessment, and documented processes for reporting and treating risk. This includes mitigation strategies that are monitored to maintain risk exposure within acceptable levels.