RA — Risk Assessment
13 controls in the Risk Assessment family
RA-1Policy and Procedures
LI-SaaS
LOW
MODERATE
HIGH
RA-2Security Categorization
LI-SaaS
LOW
MODERATE
HIGH
RA-3Risk Assessment
LI-SaaS
LOW
MODERATE
HIGH
RA-3 (01)Risk Assessment | Supply Chain Risk Assessment
LOW
MODERATE
HIGH
RA-5Vulnerability Monitoring and Scanning
LI-SaaS
LOW
MODERATE
HIGH
RA-5 (02)Vulnerability Monitoring and Scanning | Update Vulnerabilities to Be Scanned
LOW
MODERATE
HIGH
RA-5 (03)Vulnerability Monitoring and Scanning | Breadth and Depth of Coverage
MODERATE
HIGH
RA-5 (04)Vulnerability Monitoring and Scanning | Discoverable Information
HIGH
RA-5 (05)Vulnerability Monitoring and Scanning | Privileged Access
MODERATE
HIGH
RA-5 (08)Vulnerability Monitoring and Scanning | Review Historic Audit Logs
HIGH
RA-5 (11)Vulnerability Monitoring and Scanning | Public Disclosure Program
LI-SaaS
LOW
MODERATE
HIGH
RA-7Risk Response
LI-SaaS
LOW
MODERATE
HIGH
RA-9Criticality Analysis
MODERATE
HIGH