ID.RA-05—Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization
>Control Description
This risk assessment subcategory ensures that threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization. Key activities include: Develop threat models to better understand risks to the data and identify appropriate risk responses; Prioritize cybersecurity resource allocations and investments based on estimated likelihoods and impacts.
>Cross-Framework Mappings
ISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
A&A-05
BCR-02
CEK-07
CEK-20
TVM-01
TVM-08
CRI Profile v2.0
ID.RA-05
ID.RA-05.01
ID.RA-05.02
ID.RA-05.03
ID.RA-05.04
CSF v1.1
ID.RA-5
CoP
A5
ISO/IEC 27001:2022
Mandatory Clause: 6.1.1
Mandatory Clause: 6.1.2
Mandatory Clause: 6.1.3
Annex A Controls: 5.7
NICE Framework
DD-WRL-008
IO-WRL-006
OG-WRL-013
OG-WRL-014
PD-WRL-006
PD-WRL-007
PCI DSS
12.3.1
6.3.1
6.3.3
11.3.1.1
SCF
RSK-01.1
RSK-02.1
RSK-04
RSK-06.1
SP 800-171 Rev 3
03.11.01
03.11.04
SP 800-218
PW.1.1
SP 800-221A
MA.RA-2
SP 800-53 Rev 5.1.1
PM-16
RA-02
RA-03
RA-07
SP 800-53 Rev 5.2.0
PM-16
RA-02
RA-03
RA-07
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
RMF Authorize Step: TASK R-2 Risk Analysis and Determination
RMF Authorize Step: TASK R-3 Risk Response
Ask AI
Configure your API key to use AI features.