RA-2: Security Categorization

From NIST's SP800-53:

a. Categorize the system and information it processes, stores, and transmits; b. Document the security categorization results, including supporting rationale, in the security plan for the system; and c. Verify that the authorizing official or authorizing official designated representative reviews and approves the security categorization decision.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Control ID	Description
ID.RA-4	Potential business impacts and likelihoods are identified
ID.SC-2	Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
ID.RA-5	Threats, vulnerabilities, likelihoods, and impacts are used to determine risk
ID.AM-5	Resources (e.g., hardware, devices, data, time, personnel, and software) are prioritized based on their classification, criticality, and business value

Showing 1 to 4 of 4 entries