ID.RA-01—Vulnerabilities in assets are identified, validated, and recorded
>Control Description
This risk assessment subcategory ensures that vulnerabilities in assets are identified, validated, and recorded. Key activities include:
Use vulnerability management technologies to identify unpatched and misconfigured software
Assess network and system architectures for design and implementation weaknesses that affect cybersecurity
Review, analyze, or test organization-developed software to identify design, coding, and default configuration vulnerabilities
>Cross-Framework Mappings
NIST SP 800-53 r5
via NIST CSF 2.0 Concept Crosswalk
ISO 27001:2022
via NIST OLIR Catalog
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
AIS-05
AIS-07
TVM-01
TVM-03
TVM-05
TVM-06
TVM-07
TVM-08
+2 more
CIS Controls v8.0
7.1
CIS Controls v8.1
7.1
CRI Profile v2.0
ID.RA-01
ID.RA-01.01
ID.RA-01.02
ID.RA-01.03
CSF v1.1
ID.RA-1
PR.IP-12
DE.CM-8
CoP
A5
ISO/IEC 27001:2022
Mandatory Clause: None
Annex A Controls: 8.8
NICE Framework
DD-WRL-005
IO-WRL-006
OG-WRL-012
OG-WRL-013
OG-WRL-014
PD-WRL-007
PCI DSS
11.3.1
11.3.2
6.3.1
11.4.4
6.3.2
SCF
IAO-01
IAO-02
IAO-05
RSK-04
TDA-09
VPM-01
VPM-06
SP 800-171 Rev 3
03.11.01
03.11.02
03.12.01
03.12.03
03.14.03
03.14.06
SP 800-218
PO.5.2
SP 800-221A
MA.RI-3
SP 800-53 Rev 5.1.1
CA-02
CA-07
CA-08
RA-03
RA-05
SA-11(02)
SA-15(07)
SA-15(08)
+2 more
SP 800-53 Rev 5.2.0
CA-02
CA-07
CA-08
RA-03
RA-05
SA-11(02)
SA-15(07)
SA-15(08)
+2 more
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
RMF Assess Step: TASK A-3 Control Assessments
RMF Monitor Step: TASK M-1 System and Environment Changes
RMF Monitor Step: TASK M-2 Ongoing Assessments