Skip to main content

๐Ÿ’ผ Risk Assessment (ID.RA)

  • Contextual name: ๐Ÿ’ผ Risk Assessment (ID.RA)
  • ID: /frameworks/nist-csf-v1.1/id-ra
  • Located in: ๐Ÿ’ผ NIST CSF v1.1

Descriptionโ€‹

The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

Similarโ€‹

  • Internal
    • ID: dec-b-afcc5fcd

Sub Sectionsโ€‹

SectionSub SectionsInternal RulesPoliciesFlags
๐Ÿ’ผ ID.RA-1: Asset vulnerabilities are identified and documented1415
๐Ÿ’ผ ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources
๐Ÿ’ผ ID.RA-3: Threats, both internal and external, are identified and documented77
๐Ÿ’ผ ID.RA-4: Potential business impacts and likelihoods are identified77
๐Ÿ’ผ ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk77
๐Ÿ’ผ ID.RA-6: Risk responses are identified and prioritized