💼 Risk Assessment (ID.RA)
- Contextual name: 💼 Risk Assessment (ID.RA)
- ID: /frameworks/nist-csf-v2.0/id-ra
- Located in: 💼 NIST CSF v2.0
Description
The cybersecurity risk to the organization, assets, and individuals is understood by the organization.
Similar
Sub Sections
Section | Sub Sections | Internal Rules | Policies | Flags |
---|---|---|---|---|
💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded | | | 22 | |
💼 ID.RA-02: Cyber threat intelligence is received from information sharing forums and sources | | | | |
💼 ID.RA-03: Internal and external threats to the organization are identified and recorded | | | 7 | |
💼 ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded | | | 7 | |
💼 ID.RA-05: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization | | | 7 | |
💼 ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated | | | 7 | |
💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked | | | 24 | |
💼 ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established | | | | |
💼 ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use | | | | |
💼 ID.RA-10: Critical suppliers are assessed prior to acquisition | | | 26 | |