💼 RA-2 SECURITY CATEGORIZATION

  • Contextual name: 💼 RA-2 SECURITY CATEGORIZATION
  • ID: /frameworks/nist-sp-800-53-r4/ra/02
  • Located in: 💼 RA RISK ASSESSMENT

Description

The organization:

  • RA-2a. Categorizes information and the information system in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance;
  • RA-2b. Documents the security categorization results (including supporting rationale) in the security plan for the information system; and
  • RA-2c. Ensures that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

Similar

  • Internal
    • ID: dec-c-c6e0a1e2

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
💼 NIST CSF v1.1 → 💼 ID.RA-4: Potential business impacts and likelihoods are identified77
💼 NIST CSF v1.1 → 💼 ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk77
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process77

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags