PM-9: Risk Management Strategy

From NIST's SP800-53:

a. Develops a comprehensive strategy to manage: 1. Security risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of organizational systems; and 2. Privacy risk to individuals resulting from the authorized processing of personally identifiable information; b. Implement the risk management strategy consistently across the organization; and c. Review and update the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizational changes.

Cyber Threat Graph Context

Explore how this control relates to the wider threat graph

SP800-53 Control Mapped to NIST Cyber Security Framework

Generated from NISTs SP800-53/CSF Crosswalk mappings.

Search:

Control ID	Description
ID.RA-6	Risk responses are identified and prioritized
ID.RA-4	Potential business impacts and likelihoods are identified
ID.RM-3	The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
ID.GV-4	Governance and risk management processes address cybersecurity risks
ID.RM-2	Organizational risk tolerance is determined and clearly expressed
ID.SC-2	Suppliers and third party partners of information systems, components, and services are identified, prioritized, and assessed using a cyber supply chain risk assessment process
ID.RM-1	Risk management processes are established, managed, and agreed to by organizational stakeholders
ID.SC-3	Contracts with suppliers and third-party partners are used to implement appropriate measures designed to meet the objectives of an organization’s cybersecurity program and Cyber Supply Chain Risk Management Plan.
ID.SC-1	Cyber supply chain risk management processes are identified, established, assessed, managed, and agreed to by organizational stakeholders

Showing 1 to 9 of 9 entries