NIST CSF: ID.RM-3 Subcategory

From NIST's Cyber Security Framework (version 1):

The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

CSF Mapped to SP800-53 Controls

Generated from NIST's SP800-53/CSF Crosswalk mappings.

Node
SA-14: Criticality Analysis
PM-8: Critical Infrastructure Plan
PM-9: Risk Management Strategy
PM-11: Mission and Business Process Definition

Related ISO 27001 Controls

Annex A controls from ISO 27001 (2013) which are related to this CSF subcategory, taken from mappings by NIST and additional data from Ofgem.

  • Contact with authorities (6.1.3)
    ISO 27001:2013

CSF Mapped to the NCSC CAF

Cyber Assessment Framework mappings generated from UK Cabinet Office data.

Control ID Name Description
A2.a Risk Management Process Your organisation has effective internal processes for managing risks to the security of network and information systems related to the operation of essential functions and communicating associated activities.