💼 RA-2 SECURITY CATEGORIZATION
- ID:
/frameworks/nist-sp-800-53-r4/ra/02
Description​
The organization: RA-2a. Categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance; RA-2b. Documents the security categorization results (including supporting rationale) in the security plan for the information system; and RA-2c. Ensures that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.
Similar​
Similar Sections (Give Policies To)​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
| 💼 NIST CSF v1.1 → 💼 ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value | | | | | no data |
| 💼 NIST CSF v1.1 → 💼 ID.RA-4: Potential business impacts and likelihoods are identified | | 7 | 7 | | no data |
| 💼 NIST CSF v1.1 → 💼 ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk | | 7 | 7 | | no data |
| 💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | | 7 | 7 | | no data |
Sub Sections​
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|