ID.RA-04—Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded
>Control Description
This risk assessment subcategory ensures that potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded. Key activities include: Business leaders and cybersecurity risk management practitioners work together to estimate the likelihood and impact of risk scenarios and record t...; Enumerate the potential business impacts of unauthorized access to the organization’s communications, systems, and data processed in or by those sy...; Account for the potential impacts of cascading failures for systems of systems.
>Cross-Framework Mappings
>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
A&A-05
BCR-02
CEK-06
CEK-07
CEK-20
TVM-09
CRI Profile v2.0
ID.RA-04
ID.RA-04.01
CSF v1.1
ID.RA-4
CoP
A5
ISO/IEC 27001:2022
Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.2
Mandatory Clause: 6.1.3
Annex A Controls: None
NICE Framework
IO-WRL-006
OG-WRL-013
OG-WRL-014
PD-WRL-006
PD-WRL-007
PCI DSS
12.3.1
SP 800-171 Rev 3
03.11.01
SP 800-221A
MA.RI-4
SP 800-53 Rev 5.1.1
PM-09
PM-11
RA-02
RA-03
RA-08
RA-09
SP 800-53 Rev 5.2.0
PM-09
PM-11
RA-02
RA-03
RA-08
RA-09
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
Ask AI
Configure your API key to use AI features.