💼 Risk Assessment (ID.RA)
- ID:
/frameworks/nist-csf-v1.1/id-ra
Description​
The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.
Similar​
- Internal
- ID:
dec-b-afcc5fcd
- ID:
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 ID.RA-1: Asset vulnerabilities are identified and documented | 13 | 16 | no data | ||
| 💼 ID.RA-2: Cyber threat intelligence is received from information sharing forums and sources | no data | ||||
| 💼 ID.RA-3: Threats, both internal and external, are identified and documented | 7 | 7 | no data | ||
| 💼 ID.RA-4: Potential business impacts and likelihoods are identified | 7 | 7 | no data | ||
| 💼 ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk | 7 | 7 | no data | ||
| 💼 ID.RA-6: Risk responses are identified and prioritized | no data |