| 💼 FedRAMP High Security Controls → 💼 RA-7 Risk Response (L)(M)(H) | | | | |
| 💼 FedRAMP Low Security Controls → 💼 RA-7 Risk Response (L)(M)(H) | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated | | | 3 | |
| 💼 NIST CSF v2.0 → 💼 GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction | | | 3 | |
| 💼 NIST CSF v2.0 → 💼 GV.OV-02: The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.OV-03: Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes | | | 10 | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle | | | | |
| 💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement | | | | |
| 💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations | | | 20 | |
| 💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | | | 33 | |
| 💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | | | 34 | |
| 💼 NIST CSF v2.0 → 💼 ID.RA-05: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization | | | 7 | |
| 💼 NIST CSF v2.0 → 💼 ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated | | | 7 | |
| 💼 NIST CSF v2.0 → 💼 RS.AN-08: An incident's magnitude is estimated and validated | | | 1 | |