RA-3(3)—Dynamic Threat Awareness
>Control Description
Determine the current cyber threat environment on an ongoing basis using [Assignment: organization-defined means].
>Supplemental Guidance
The threat awareness information that is gathered feeds into the organization’s information security operations to ensure that procedures are updated in response to the changing threat environment. For example, at higher threat levels, organizations may change the privilege or authentication thresholds required to perform certain operations.