RSK-04—Risk Assessment

Weight: 10

>Control Description

Mechanisms exist to conduct recurring assessments of risk that includes the likelihood and magnitude of harm, from unauthorized access, use, disclosure, disruption, modification or destruction of the organization's Technology Assets, Applications, Services and/or Data (TAASD).

>Control Description

>Cross-Framework Mappings

NIST SP 800-53 r5

NIST CSF 2.0

ISO 27001:2022

PCI DSS v4.0.1

SOC 2 TSC

CMMC v2.0

NIST SP 800-171

FedRAMP Rev 5

NIST AI RMF

EU AI Act

Canada ITSP 10.171

OSFI B-13

India SEBI Guidelines

New Zealand HISF

New Zealand HISF Suppliers

EU AI Act (Detailed)

EU DORA

Saudi Arabia IoT Guidelines

Spain ENS

UK DEF STAN 05-138

SOC 2 TSC (Detailed)

GovRAMP

IEC TR 60601-4-5

IMO Maritime Cyber Risk

ISO 27001:2022 (Detailed)

ISO 27002:2022

ISO 27701

ISO 42001:2023 (Detailed)

NIST SP 800-161

NIST SP 800-171 Rev 3

NIST SP 800-171A Rev 3

NIST SP 800-171A

NIST SP 800-172

TISAX

Data Privacy Management Principles

FCA CRM

GLBA (16 CFR 314)

HIPAA Simplification 2013

NERC CIP

SEC Cybersecurity Rule

Nevada Regulation 5

NY DFS 23 NYCRR 500

Ask AI