
💼 RA-3 RISK ASSESSMENT

  • Contextual name: 💼 RA-3 RISK ASSESSMENT
  • ID: /frameworks/nist-sp-800-53-r4/ra/03
  • Located in: 💼 RA RISK ASSESSMENT

Description​

The organization:

  • RA-3a. Conducts an assessment of risk, including the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the information system and the information it processes, stores, or transmits;
  • RA-3b. Documents risk assessment results in [Selection: security plan; risk assessment report; [Assignment: organization-defined document]];
  • RA-3c. Reviews risk assessment results [Assignment: organization-defined frequency];
  • RA-3d. Disseminates risk assessment results to [Assignment: organization-defined personnel or roles]; and
  • RA-3e. Updates the risk assessment [Assignment: organization-defined frequency] or whenever there are significant changes to the information system or environment of operation (including the identification of new threats and vulnerabilities), or other conditions that may impact the security state of the system.

Similar​

  • Internal
    • ID: dec-c-567a0bb2

Similar Sections (Give Policies To)​

Section | Sub Sections | Internal Rules | Policies | Flags
💼 NIST CSF v1.1 → 💼 DE.AE-4: Impact of events is determined | 1414
💼 NIST CSF v1.1 → 💼 ID.RA-1: Asset vulnerabilities are identified and documented | 1415
💼 NIST CSF v1.1 → 💼 ID.RA-3: Threats, both internal and external, are identified and documented | 77
💼 NIST CSF v1.1 → 💼 ID.RA-4: Potential business impacts and likelihoods are identified | 77
💼 NIST CSF v1.1 → 💼 ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk | 77
💼 NIST CSF v1.1 → 💼 ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process | 77
💼 NIST CSF v1.1 → 💼 PR.IP-12: A vulnerability management plan is developed and implemented | 78
💼 NIST CSF v1.1 → 💼 RS.MI-3: Newly identified vulnerabilities are mitigated or documented as accepted risks | 77

Sub Sections​

Section | Sub Sections | Internal Rules | Policies | Flags