NIST CSF: ID.RA-3 Subcategory

From NIST's Cyber Security Framework (version 1):

Threats, both internal and external, are identified and documented

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Search:

Node
PM-16: Threat Awareness Program
PM-12: Insider Threat Program
SI-5: Security Alerts, Advisories, and Directives
RA-3: Risk Assessment

Showing 1 to 4 of 4 entries

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Segregation of duties (6.1.2)
ISO 27001:2013

Related ISA/IEC 62443 Controls

Clauses and controls from IEC 62443 (62443-2-1 and 62443-3-3) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

Conduct a detailed risk assessment (4.2.3.9)
ISA/IEC 62443-2-1:2009
Conduct risk assessments throughout the lifecycle of the IACs (4.2.3.12)
ISA/IEC 62443-2-1:2009

MITRE ATT&CK Techniques

See which MITRE ATT&CK techniques this control helps to protect against. This is based on mappings to associated SP800-53 controls.

Search:

ATT&CK ID	Title	Associated Tactics
T1210	Exploitation of Remote Services	Lateral Movement
T1068	Exploitation for Privilege Escalation	Privilege Escalation
T1212	Exploitation for Credential Access	Credential Access
T1211	Exploitation for Defense Evasion	Defense Evasion

Showing 1 to 4 of 4 entries

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Search:

Control ID	Name	Description
A2.a	Risk Management Process	Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.
B3.a	Understanding Data	You have a good understanding of data important to the operation of the essential function, where it is stored, where it travels and how unavailability or unauthorised access, modification or deletion would adversely impact the essential function. This also applies to third parties storing or accessing data important to the operation of essential functions.
B4.d	Vulnerability Management	You manage known vulnerabilities in your network and information systems to prevent adverse impact on the essential function.

Showing 1 to 3 of 3 entries

NIST CSF: ID.RA-3 Subcategory

Cyber Threat Graph Context

CSF Mapped to SP800-53 Controls

Related ISO 27001 Controls

Segregation of duties (6.1.2)

Related ISA/IEC 62443 Controls

Conduct a detailed risk assessment (4.2.3.9)

Conduct risk assessments throughout the lifecycle of the IACs (4.2.3.12)

MITRE ATT&CK Techniques

CSF Mapped to the NCSC CAF