ID.RA-1: Asset vulnerabilities are identified and documented

Description

[csf.tools Note: Subcategories do not have detailed descriptions.]