Skip to main content

πŸ’Ό SA-14 CRITICALITY ANALYSIS

Description​

The organization identifies critical information system components and functions by performing a criticality analysis for [Assignment: organization-defined information systems, information system components, or information system services] at [Assignment: organization-defined decision points in the system development life cycle].

Similar​

  • Internal
    • ID: dec-c-954e6750

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.AM-5: Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.BE-3: Priorities for organizational mission, objectives, and activities are established and communicated
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.BE-4: Dependencies and critical functions for delivery of critical services are established4
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.BE-5: Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations)44
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.RA-4: Potential business impacts and likelihoods are identified77
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.RM-3: The organization's determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό ID.SC-2: Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process77
πŸ’Ό NIST CSF v1.1 β†’ πŸ’Ό PR.PT-5: Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations44

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό SA-14 (1) CRITICAL COMPONENTS WITH NO VIABLE ALTERNATIVE SOURCING