💼 RA-7 Risk Response

  • Contextual name: 💼 RA-7 Risk Response
  • ID: /frameworks/nist-sp-800-53-r5/ra/07
  • Located in: 💼 RA Risk Assessment

Description

Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance.

Similar

  • Internal
    • ID: dec-c-928b7a5e

Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
💼 FedRAMP High Security Controls → 💼 RA-7 Risk Response (L)(M)(H)
💼 FedRAMP Low Security Controls → 💼 RA-7 Risk Response (L)(M)(H)
💼 NIST CSF v2.0 → 💼 GV.OC-05: Outcomes, capabilities, and services that the organization depends on are understood and communicated | 4
💼 NIST CSF v2.0 → 💼 GV.OV-01: Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction
💼 NIST CSF v2.0 → 💼 GV.OV-02: The cybersecurity risk management strategy is reviewed and adjusted to ensure coverage of organizational requirements and risks
💼 NIST CSF v2.0 → 💼 GV.OV-03: Organizational cybersecurity risk management performance is evaluated and reviewed for adjustments needed
💼 NIST CSF v2.0 → 💼 GV.RM-01: Risk management objectives are established and agreed to by organizational stakeholders
💼 NIST CSF v2.0 → 💼 GV.RM-03: Cybersecurity risk management activities and outcomes are included in enterprise risk management processes
💼 NIST CSF v2.0 → 💼 GV.SC-03: Cybersecurity supply chain risk management is integrated into cybersecurity and enterprise risk management, risk assessment, and improvement processes | 7
💼 NIST CSF v2.0 → 💼 GV.SC-09: Supply chain security practices are integrated into cybersecurity and enterprise risk management programs, and their performance is monitored throughout the technology product and service life cycle
💼 NIST CSF v2.0 → 💼 GV.SC-10: Cybersecurity supply chain risk management plans include provisions for activities that occur after the conclusion of a partnership or service agreement
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations | 10
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties | 23
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities | 24
💼 NIST CSF v2.0 → 💼 ID.RA-05: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization | 7
💼 NIST CSF v2.0 → 💼 ID.RA-06: Risk responses are chosen, prioritized, planned, tracked, and communicated | 7
💼 NIST CSF v2.0 → 💼 RS.AN-08: An incident's magnitude is estimated and validated

Sub Sections

Section | Sub Sections | Internal Rules | Policies | Flags