>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

ID.IM-01Improvements are identified from evaluations

>Control Description

This improvement subcategory ensures that improvements are identified from evaluations. Key activities include: Perform self-assessments of critical services that take current threats and TTPs into consideration; Invest in third-party assessments or independent audits of the effectiveness of the organization’s cybersecurity program to identify areas that nee...; Constantly evaluate compliance with selected cybersecurity requirements through automated means.

>Cross-Framework Mappings

NIST SP 800-53 r5

via NIST CSF 2.0 Concept Crosswalk
AC-01
Compare
AT-01
Compare
AU-01
Compare
CA-01
Compare
CA-02
Compare
CA-05
Compare
CA-07
Compare
CA-08
Compare
CM-01
Compare
CP-01
Compare
CP-02
Compare
IA-01
Compare
IR-01
Compare
IR-04
Compare
IR-08
Compare
MA-01
Compare
MP-01
Compare
PE-01
Compare
PL-01
Compare
PL-02
Compare
PM-01
Compare
PS-01
Compare
PT-01
Compare
RA-01
Compare
RA-03
Compare
RA-05
Compare
RA-07
Compare
SA-01
Compare
SA-08
Compare
SA-11
Compare
SA-17(06)
Compare
SC-01
Compare
SI-01
Compare
SI-02
Compare
SI-04
Compare
SR-01
Compare
SR-05
Compare

PCI DSS v4.0.1

via NIST OLIR Catalog
12.3.1
Compare
12.3.4
Compare
12.4.2
Compare
12.4.2.1
Compare

ISO 27001:2022

via NIST OLIR Catalog
5.35
Compare

SOC 2 TSC

CC2.1
Compare
CC4.1
Compare
P6.2
Compare
P6.7
Compare
P8.1
Compare
PI1.1
Compare

SCF

CPL-03
Compare
CPL-03.2
Compare
IAO-02
Compare
IAO-02.4
Compare
IAO-05
Compare
TDA-09
Compare
TDA-09.1
Compare
TPM-04.1
Compare
TPM-08
Compare

>Informative References

Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0

CCMv4.0

A&A-02
A&A-03
A&A-04
A&A-05
CEK-09
SEF-04
SEF-05
STA-06
+2 more

CRI Profile v2.0

ID.IM-01
ID.IM-01.01
ID.IM-01.02
ID.IM-01.03
ID.IM-01.04
ID.IM-01.05

ISO/IEC 27001:2022

Mandatory Clause: 9.2
Mandatory Clause: 10.1
Mandatory Clause: 10.2
Annex A Controls: 5.35

NICE Framework

DD-WRL-004
DD-WRL-006
DD-WRL-007
DD-WRL-008
OG-WRL-016
PD-WRL-003

PCI DSS

12.4.2
12.4.2.1
12.3.1
12.3.4

SCF

CPL-03
CPL-03.2
IAO-02
IAO-05
TDA-09
TDA-09.1
TPM-04.1
TPM-08

SP 800-171 Rev 3

03.06.01
03.06.05
03.11.01
03.11.02
03.11.04
03.12.01
03.12.02
03.12.03
+6 more

SP 800-53 Rev 5.1.1

AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+29 more

SP 800-53 Rev 5.2.0

AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+29 more

SP-800-37 Rev 2

RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
RMF Assess Step: TASK A-3 Control Assessments
RMF Assess Step: TASK A-4 Assessment Reports
RMF Assess Step: TASK A-5 Remediation Actions
RMF Assess Step: TASK A-6 Plan of Action and Milestones
+1 more

Ask AI

Configure your API key to use AI features.