Implementation Objective
Continuously evaluate likelihood and impact to focus resources on the highest material cybersecurity risks.
NIST CSF 2.0 Category
ID.RA Risk Assessment
ID Identify | Assess threats, vulnerabilities, and potential impact to prioritize action.
Implementation Actions
- Assess critical systems periodically.
- Incorporate threat and vuln trends.
- Link findings to treatment plans.
Evidence Examples
- Risk assessments
- Threat inputs
- Treatment plans
Suggested Metrics
- Assessment completion rate
- High-risk findings with treatment owner
Framework Crosswalk
Direct mappings for this CSF category into NIST SP 800-171 family sections and CIS Controls v8 implementation domains.