NIST 800-53 REV 5 • RISK ASSESSMENT

RA-3(3) Dynamic Threat Awareness

Determine the current cyber threat environment on an ongoing basis using [Assignment: organization-defined means].

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

Supplemental Guidance

The threat awareness information that is gathered feeds into the organization’s information security operations to ensure that procedures are updated in response to the changing threat environment. For example, at higher threat levels, organizations may change the privilege or authentication thresholds required to perform certain operations.

Practitioner Notes

Dynamic threat awareness means continuously updating your understanding of threats rather than treating risk assessment as a one-time event. Your risk picture should change as the threat landscape changes.

Example 1: Configure your SIEM (Microsoft Sentinel, Splunk, etc.) to automatically ingest threat intelligence feeds and correlate indicators of compromise against your network data. When new threats emerge, your monitoring automatically adjusts to detect them without waiting for the next scheduled risk assessment.

Example 2: Establish a weekly threat briefing where your security team reviews the latest CISA alerts, vendor advisories, and dark web intelligence reports. Update your risk register and adjust your defensive priorities based on emerging threats that are relevant to your environment.
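The correlation described in Example 1, combined with the Supplemental Guidance point about raising authentication thresholds at higher threat levels, as an added sketch that is not part of the control text or of any SIEM product. The feed format, log format, `AUTH_POLICY` mapping and all function names are assumptions, and the sample data is constructed from documentation address ranges.

```python
import ipaddress
from datetime import datetime

# Constructed threat-intel feed (documentation address ranges, not real indicators).
FEED = [
    {"indicator": "203.0.113.0/24", "severity": "high", "expires": "2030-01-01T00:00:00+00:00"},
    {"indicator": "198.51.100.7", "severity": "medium", "expires": "2030-01-01T00:00:00+00:00"},
    {"indicator": "192.0.2.10", "severity": "high", "expires": "2020-01-01T00:00:00+00:00"},  # stale
]
# Constructed outbound connection log: "timestamp source_host destination_ip port".
LOG = """\
2025-03-01T10:00:00+00:00 ws-014 203.0.113.45 443
2025-03-01T10:00:05+00:00 ws-022 192.0.2.10 443
2025-03-01T10:01:12+00:00 srv-db1 198.51.100.7 8080
2025-03-01T10:02:30+00:00 ws-014 10.0.0.5 445
not a log line
"""
NOW = datetime.fromisoformat("2025-03-01T12:00:00+00:00")  # fixed for a repeatable run
# Hypothetical policy: threat level -> authentication required for privileged operations.
AUTH_POLICY = {"normal": "password", "elevated": "password+mfa",
               "high": "password+mfa+approval"}

def active_indicators(feed, now):
    """Drop expired entries so stale intelligence does not drive the threat level."""
    return [(ipaddress.ip_network(e["indicator"], strict=False), e["severity"])
            for e in feed if datetime.fromisoformat(e["expires"]) > now]

def correlate(log_text, indicators):
    """Return (host, destination, severity) for each connection matching an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            dst = ipaddress.ip_address(parts[2])
        except ValueError:  # malformed line: skip it rather than abort the run
            continue
        hits += [(parts[1], str(dst), sev) for net, sev in indicators if dst in net]
    return hits

def threat_level(hits):
    """Highest matched severity decides the level; no matches means normal."""
    severities = {sev for _, _, sev in hits}
    return "high" if "high" in severities else "elevated" if severities else "normal"

if __name__ == "__main__":
    hits = correlate(LOG, active_indicators(FEED, NOW))
    level = threat_level(hits)
    print(hits, level, AUTH_POLICY[level])
```

Running this on a schedule against a refreshed feed is what makes the assessment ongoing: the expired entry no longer matches, and the required authentication follows the current level instead of a fixed setting.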