πΌ RA-9 Criticality Analysis
- Contextual name: πΌ RA-9 Criticality Analysis
- ID:
/frameworks/nist-sp-800-53-r5/ra/09
- Located in: πΌ RA Risk Assessment
Descriptionβ
Identify critical system components and functions by performing a criticality analysis for [Assignment: organization-defined systems, system components, or system services] at [Assignment: organization-defined decision points in the system development life cycle].
Similarβ
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|
| πΌ FedRAMP High Security Controls β πΌ RA-9 Criticality Analysis (M)(H) | | | | |
| πΌ NIST CSF v2.0 β πΌ GV.OC-04: Critical objectives, capabilities, and services that external stakeholders depend on or expect from the organization are understood and communicated | | | 4 | |
| πΌ NIST CSF v2.0 β πΌ GV.SC-04: Suppliers are known and prioritized by criticality | | | 7 | |
| πΌ NIST CSF v2.0 β πΌ GV.SC-07: The risks posed by a supplier, their products and services, and other third parties are understood, recorded, prioritized, assessed, responded to, and monitored over the course of the relationship | | | 26 | |
| πΌ NIST CSF v2.0 β πΌ ID.AM-05: Assets are prioritized based on classification, criticality, resources, and impact on the mission | | | | |
| πΌ NIST CSF v2.0 β πΌ ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded | | | 7 | |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|