ID.RA-08—Processes for receiving, analyzing, and responding to vulnerability disclosures are established
Control Description
This risk assessment subcategory ensures that processes for receiving, analyzing, and responding to vulnerability disclosures are established. Key activities include: Conduct vulnerability information sharing between the organization and its suppliers following the rules and protocols defined in contracts; Assign responsibilities and verify the execution of procedures for processing, analyzing the impact of, and responding to cybersecurity threat, vul....
Cross-Framework Mappings
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
  AIS-07
  TVM-03
  TVM-09
CIS Controls v8.0
  7.2
CIS Controls v8.1
  7.2
CRI Profile v2.0
  ID.RA-08
  ID.RA-08.01
  ID.RA-08.02
CSF v1.1
  RS.AN-5
CoP
  A5
ISO/IEC 27001:2022
  Mandatory Clause: 6.1.2
  Annex A Controls: None
NICE Framework
  IO-WRL-006
  OG-WRL-013
  OG-WRL-014
  PD-WRL-007
SCF
  THR-01
  THR-03
  VPM-01
  VPM-02
SP 800-171 Rev 3
  03.11.02
SP 800-221A
  MA.RI-3
SP 800-53 Rev 5.1.1
  RA-05
SP 800-53 Rev 5.2.0
  RA-05
SP 800-37 Rev 2
  RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
  RMF Prepare Step (System Level): TASK P-15 Requirements Definition
  RMF Authorize Step: TASK R-3 Risk Response
  RMF Monitor Step: TASK M-2 Ongoing Assessments
  RMF Monitor Step: TASK M-3 Ongoing Risk Response