August 31, 2016

Risk Assessment (ID.RA)

Objectives of Risk Assessment

The organization understands the cybersecurity risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals.

  • ID.RA-1: Asset vulnerabilities are identified and documented
  • ID.RA-2: Threat and vulnerability information is received from information sharing forums and sources
  • ID.RA-3: Threats, both internal and external, are identified and documented
  • ID.RA-4: Potential business impacts and likelihoods are identified
  • ID.RA-5: Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
  • ID.RA-6: Risk responses are identified and prioritized