3.7: Utilize a Risk-Rating Process

CSF v1.1 References:

PF v1.0 References:

Group:

Info icon.

The next version of the control set incorporates all or part of this control into: 7.2: Establish and Maintain a Remediation Process, 16.6: Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities, 18.3: Remediate Penetration Test Findings.

Control Statement

Utilize a risk-rating process to prioritize the remediation of discovered vulnerabilities.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]

Related Controls

NIST Special Publication 800-53 Revision 5

NIST Special Publication 800-171 Revision 2

NIST Special Publication 800-53 Revision 4