NIST CSF: ID.RA-5 Subcategory

From NIST's Cyber Security Framework (version 1):

Threats, vulnerabilities, likelihoods, and impacts are used to determine risk

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
RA-3: Risk Assessment
RA-2: Security Categorization
PM-16: Threat Awareness Program

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Management of technical vulnerabilities (12.6.1)
    ISO 27001:2013

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
A2.b Assurance You have gained confidence in the effectiveness of the security of your technology, people, and processes relevant to essential functions.
B4.d Vulnerability Management You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function.