💼 RA-1 RISK ASSESSMENT POLICY AND PROCEDURES

Contextual name: 💼 RA-1 RISK ASSESSMENT POLICY AND PROCEDURES
ID: /frameworks/nist-sp-800-53-r4/ra/01
Located in: 💼 RA RISK ASSESSMENT

Description

The organization: RA-1a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: RA-1a.1. A risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and RA-1a.2. Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and RA-1b. Reviews and updates the current: RA-1b.1. Risk assessment policy [Assignment: organization-defined frequency]; and RA-1b.2. Risk assessment procedures [Assignment: organization-defined frequency].

Similar

Internal
- ID: dec-c-cebaf58c

Similar Sections (Give Policies To)

Section	Sub Sections	Internal Rules	Policies	Flags
💼 NIST CSF v1.1 → 💼 ID.GV-1: Organizational cybersecurity policy is established and communicated
💼 NIST CSF v1.1 → 💼 ID.GV-3: Legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations, are understood and managed		2	2

Sub Sections

Section	Sub Sections	Internal Rules	Policies	Flags

Description​

Similar​

Similar Sections (Give Policies To)​

Sub Sections​

Description

Similar

Similar Sections (Give Policies To)

Sub Sections