This COBIT task and activity corresponds to CSF Step 1: Prioritize and Scope, because it involves
assessing the current state of the enterprise’s governance and management system, as well as its
readiness and ability to adopt changes12. This task and activity is part of the COBIT 2019
implementation phase "Where are we now?"3, which aligns with the CSF step of identifying the
business drivers, mission, objectives, and risk appetite of the organization4.
Reference: 1: COBIT 2019 Implementation Guide 2: COBIT 2019 Implementation - ISACA 3:
Connecting COBIT 2019 to the NIST Cybersecurity Framework - ISACA 4: Cybersecurity Framework
Components | NIST
