💼 Risk Assessment (ID.RA)
- ID: /frameworks/nist-csf-v2.0/id-ra
Description
The cybersecurity risk to the organization, assets, and individuals is understood by the organization.
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded |  |  | 31 |  | no data | 
| 💼 ID.RA-02: Cyber threat intelligence is received from information sharing forums and sources |  |  |  |  | no data | 
| 💼 ID.RA-03: Internal and external threats to the organization are identified and recorded |  |  | 7 |  | no data | 
| 💼 ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded |  |  | 7 |  | no data | 
| 💼 ID.RA-05: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization |  |  | 7 |  | no data | 
| 💼 ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated |  |  | 7 |  | no data | 
| 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked |  |  | 31 |  | no data | 
| 💼 ID.RA-08: Processes for receiving, analyzing, and responding to vulnerability disclosures are established |  |  | 1 |  | no data | 
| 💼 ID.RA-09: The authenticity and integrity of hardware and software are assessed prior to acquisition and use |  |  | 4 |  | no data | 
| 💼 ID.RA-10: Critical suppliers are assessed prior to acquisition |  |  | 26 |  | no data |