πΌ ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated
- Contextual name: πΌ ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated
- ID:
/frameworks/nist-csf-v2.0/id-ra/06 - Located in: πΌ Risk Assessment (ID.RA)
Descriptionβ
- Apply the vulnerability management plan's criteria for deciding whether to accept, transfer, mitigate, or avoid risk
- Apply the vulnerability management plan's criteria for selecting compensating controls to mitigate risk
- Track the progress of risk response implementation (e.g., plan of action and milestones [POA&M], risk register, risk detail report)
- Use risk assessment findings to inform risk response decisions and actions
- Communicate planned risk responses to affected stakeholders in priority order
Similarβ
- Sections
/frameworks/nist-csf-v1.1/id-ra/06/frameworks/nist-csf-v1.1/rs-mi/03/frameworks/nist-sp-800-53-r5/pm/09/frameworks/nist-sp-800-53-r5/pm/18/frameworks/nist-sp-800-53-r5/pm/30/frameworks/nist-sp-800-53-r5/ra/07
Similar Sections (Take Policies From)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST CSF v1.1 β πΌ ID.RA-6: Risk responses are identified and prioritized | ||||
| πΌ NIST CSF v1.1 β πΌ RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks | 7 | 7 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-9 Risk Management Strategy | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-18 Privacy Program Plan | ||||
| πΌ NIST SP 800-53 Revision 5 β πΌ PM-30 Supply Chain Risk Management Strategy | 1 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ RA-7 Risk Response |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
Policies (7)β
| Policy | Logic Count | Flags |
|---|---|---|
| π Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For App Services is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Containers is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Key Vault is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Servers is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On π’ | 1 | π’ x6 |
| π Azure Subscription Microsoft Defender For Storage is not set to On π’ | 1 | π’ x6 |