Skip to main content

πŸ’Ό RA-2 Security Categorization

  • Contextual name: πŸ’Ό RA-2 Security Categorization
  • ID: /frameworks/nist-sp-800-53-r5/ra/02
  • Located in: πŸ’Ό RA Risk Assessment

Description​

a. Categorize the system and information it processes, stores, and transmits; b. Document the security categorization results, including supporting rationale, in the security plan for the system; and c. Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

Similar​

  • Internal
    • ID: dec-c-6d2849b0

Similar Sections (Give Policies To)​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό RA-2 Security Categorization (L)(M)(H)
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό RA-2 Security Categorization (L)(M)(H)
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.AM-05: Assets are prioritized based on classification, criticality, resources, and impact on the mission
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded7
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.RA-05: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization7

Sub Sections​

SectionSub SectionsInternal RulesPoliciesFlags
πŸ’Ό RA-2(1) Security Categorization _ Impact-level Prioritization