ID.RA-03—Internal and external threats to the organization are identified and recorded
>Control Description
This risk assessment subcategory ensures that internal and external threats to the organization are identified and recorded. Key activities include: Use cyber threat intelligence to maintain awareness of the types of threat actors likely to target the organization and the TTPs they are likely to...; Perform threat hunting to look for signs of threat actors within the environment; Implement processes for identifying internal threat actors.
>Cross-Framework Mappings
PCI DSS v4.0.1
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
A&A-05
TVM-05
CRI Profile v2.0
ID.RA-03
ID.RA-03.01
ID.RA-03.02
ID.RA-03.03
ID.RA-03.04
CSF v1.1
ID.RA-3
CoP
A5
ISO/IEC 27001:2022
Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.2
Mandatory Clause: 6.1.3
Annex A Controls: 5.7
Annex A Controls: 5.22
Annex A Controls: 8.16
NICE Framework
IO-WRL-006
OG-WRL-013
OG-WRL-014
PD-WRL-006
PD-WRL-007
PCI DSS
12.3.1
SCF
THR-01
THR-03
THR-04
THR-05
THR-07
SP 800-171 Rev 3
03.11.01
03.14.03
SP 800-221A
MA.RI-2
SP 800-53 Rev 5.1.1
PM-12
PM-16
RA-03
SI-05
SP 800-53 Rev 5.2.0
PM-12
PM-16
RA-03
SI-05
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
RMF Assess Step: TASK A-3 Control Assessments
RMF Monitor Step: TASK M-1 System and Environment Changes
RMF Monitor Step: TASK M-2 Ongoing Assessments
Ask AI
Configure your API key to use AI features.