💼 ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated

Description

Apply the vulnerability management plan's criteria for deciding whether to accept, transfer, mitigate, or avoid risk
Apply the vulnerability management plan's criteria for selecting compensating controls to mitigate risk
Track the progress of risk response implementation (e.g., plan of action and milestones [POA&M], risk register, risk detail report)
Use risk assessment findings to inform risk response decisions and actions
Communicate planned risk responses to affected stakeholders in priority order

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 NIST CSF v1.1 → 💼 ID.RA-6: Risk responses are identified and prioritized				no data
💼 NIST CSF v1.1 → 💼 RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks		7	7	no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-9 Risk Management Strategy				no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-18 Privacy Program Plan				no data
💼 NIST SP 800-53 Revision 5 → 💼 PM-30 Supply Chain Risk Management Strategy	1			no data
💼 NIST SP 800-53 Revision 5 → 💼 RA-7 Risk Response				no data

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance

Policy	Logic Count	Flags	Compliance
🛡️ Azure Subscription Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For App Services is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Containers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Key Vault is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Servers is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For SQL Servers On Machines is not set to On🟢	1	🟢 x6	no data
🛡️ Azure Subscription Microsoft Defender For Storage is not set to On🟢	1	🟢 x6	no data