Under active development — Content is continuously updated and improved

Home / Frameworks / DoD SRG / RA — Risk Assessment

RA — Risk Assessment

18 controls in the Risk Assessment family

RA-1Policy and Procedures

IL4 ModIL4 HighIL5IL6

RA-2Security Categorization

IL4 ModIL4 HighIL5IL6

RA-3Risk Assessment

IL4 ModIL4 HighIL5IL6

RA-3(1)Risk Assessment | Supply Chain Risk Assessment

IL4 ModIL4 HighIL5IL6

RA-3(2)Risk Assessment | Use of All-source Intelligence

RA-3(3)Risk Assessment | Dynamic Threat Awareness

RA-5Vulnerability Monitoring and Scanning

IL4 ModIL4 HighIL5IL6

RA-5(2)Vulnerability Monitoring and Scanning | Update Vulnerabilities to Be Scanned

IL4 ModIL4 HighIL5IL6

RA-5(3)Vulnerability Monitoring and Scanning | Breadth and Depth of Coverage

IL4 ModIL4 HighIL5IL6

RA-5(4)Vulnerability Monitoring and Scanning | Discoverable Information

RA-5(5)Vulnerability Monitoring and Scanning | Privileged Access

IL4 ModIL4 HighIL5IL6

RA-5(8)Vulnerability Monitoring and Scanning | Review Historic Audit Logs

RA-5(10)Vulnerability Monitoring and Scanning | Correlate Scanning Information

RA-5(11)Vulnerability Monitoring and Scanning | Public Disclosure Program

IL4 ModIL4 HighIL5IL6

RA-6Technical Surveillance Countermeasures Survey

RA-7Risk Response

IL4 ModIL4 HighIL5IL6

RA-9Criticality Analysis

IL4 ModIL4 HighIL5IL6

RA-10Threat Hunting

← Back to all controls