SA-14: Criticality Analysis
From NIST's SP800-53:
[Withdrawn: Incorporated into RA-9.]
Cyber Threat Graph Context
Explore how this control relates to the wider threat graph
SP800-53 Control Mapped to NIST Cyber Security Framework
Generated from NISTs SP800-53/CSF Crosswalk mappings.
| Control ID | Description |
|---|---|
| ID.BE-4 | Dependencies and critical functions for delivery of critical services are established |
| ID.RM-3 | The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis |
| ID.AM-5 | Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value |
| ID.BE-5 | Resilience requirements to support delivery of critical services are established for all operating states (e.g. under duress/attack, during recovery, normal operations) |
| ID.BE-3 | Priorities for organizational mission, objectives, and activities are established and communicated |
| ID.SC-2 | Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process |
| PR.PT-5 | Mechanisms (e.g., failsafe, load balancing, hot swap) are implemented to achieve resilience requirements in normal and adverse situations |
| ID.RA-4 | Potential business impacts and likelihoods are identified |