πΌ GV.RM-06: A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated
- Contextual name: πΌ GV.RM-06: A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated
- ID:
/frameworks/nist-csf-v2.0/gv-rm/06 - Located in: πΌ Risk Management Strategy (GV.RM)
Descriptionβ
- Establish criteria for using a quantitative approach to cybersecurity risk analysis, and specify probability and exposure formulas
- Create and use templates (e.g., a risk register) to document cybersecurity risk information (e.g., risk description, exposure, treatment, and ownership)
- Establish criteria for risk prioritization at the appropriate levels within the enterprise
- Use a consistent list of risk categories to support integrating, aggregating, and comparing cybersecurity risks
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-rm/01/frameworks/nist-sp-800-53-r5/pm/09/frameworks/nist-sp-800-53-r5/pm/18/frameworks/nist-sp-800-53-r5/pm/28/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/ra/03
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-9 Risk Management Strategy | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-18 Privacy Program Plan | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-28 Risk Framing | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-30 Supply Chain Risk Management Strategy | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ RA-3 Risk Assessment | 4 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|