NIST CSF: ID.RA-4 Subcategory
From NIST's Cyber Security Framework (version 1):
Potential business impacts and likelihoods are identified
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
CSF Mapped to SP800-53 Controls
Generated from NIST's SP800-53/CSF Crosswalk mappings.
Related ISO 27001 Controls
Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Segregation of duties (6.1.2)
ISO 27001:2013 -
Learning from information security incidents (16.1.6)
ISO 27001:2013
Related ISA/IEC 62443 Controls
Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.
-
Conduct risk assessments throughout the lifecycle of the IACs (4.2.3.12)
ISA/IEC 62443-2-1:2009 -
Conduct a detailed risk assessment (4.2.3.9)
ISA/IEC 62443-2-1:2009
CSF Mapped to the NCSC CAF
Cyber Assessment Framework mappings generated from UK Cabinet Office data.
| Control ID | Name | Description |
|---|---|---|
| A4.a | Supply Chain | The organisation understands and manages security risks to networks and information systems supporting the operation of essential functions that arise as a result of dependencies on external suppliers. This includes ensuring that appropriate measures are employed where third party services are used. |
| A2.a | Risk Management Process | Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities. |