ID.IM-03—Improvements are identified from execution of operational processes, procedures, and activities
>Control Description
This improvement subcategory ensures that improvements are identified from execution of operational processes, procedures, and activities. Key activities include: Conduct collaborative lessons learned sessions with suppliers; Annually review cybersecurity policies, processes, and procedures to take lessons learned into account; Use metrics to assess operational cybersecurity performance over time.
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept CrosswalkAC-01
CompareAT-01
CompareAU-01
CompareCA-01
CompareCA-02
CompareCA-05
CompareCA-07
CompareCA-08
CompareCM-01
CompareCP-01
CompareCP-02
CompareIA-01
CompareIR-01
CompareIR-04
CompareIR-08
CompareMA-01
CompareMP-01
ComparePE-01
ComparePL-01
ComparePL-02
ComparePM-01
ComparePM-04
ComparePM-31
ComparePS-01
ComparePT-01
CompareRA-01
CompareRA-03
CompareRA-05
CompareRA-07
CompareSA-01
CompareSA-04
CompareSA-08
CompareSA-11
CompareSC-01
CompareSI-01
CompareSI-02
CompareSI-04
CompareSR-01
CompareSR-05
CompareISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
A&A-01
AIS-01
AIS-03
BCR-01
CCC-01
CEK-01
DCS-01
DCS-02
+20 more
CRI Profile v2.0
ID.IM-03
ID.IM-03.01
ID.IM-03.02
CSF v1.1
PR.IP-7
PR.IP-8
DE.DP-5
RS.IM-1
RS.IM-2
RC.IM-1
RC.IM-2
ISO/IEC 27001:2022
Mandatory Clause: 9.1
Annex A Controls: 5.27
NICE Framework
DD-WRL-003
DD-WRL-004
DD-WRL-006
DD-WRL-007
IO-WRL-005
IO-WRL-006
OG-WRL-016
PD-WRL-003
PCI DSS
10.7.1
10.7.2
11.3.1
11.3.2
6.3.3
SCF
GOV-05
BCD-05
IRO-13
SP 800-171 Rev 3
03.06.01
03.06.05
03.11.01
03.11.02
03.11.04
03.12.01
03.12.02
03.12.03
+6 more
SP 800-221A
GV.AD-1
MA.RM-6
MA.IM-1
SP 800-53 Rev 5.1.1
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+31 more
SP 800-53 Rev 5.2.0
AC-01
AT-01
AU-01
CA-01
CM-01
CP-01
IA-01
IR-01
+31 more
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
RMF Assess Step: TASK A-3 Control Assessments
RMF Assess Step: TASK A-4 Assessment Reports
RMF Assess Step: TASK A-5 Remediation Actions
RMF Assess Step: TASK A-6 Plan of Action and Milestones
+1 more
Ask AI
Configure your API key to use AI features.