ID.RM: Risk Management Strategy
Description
The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.
Framework Subcategories
ID.RM-1: Risk management processes are established, managed, and agreed to by organizational stakeholders
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.RM-2: Organizational risk tolerance is determined and clearly expressed
[csf.tools Note: Subcategories do not have detailed descriptions.]
ID.RM-3: The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis
[csf.tools Note: Subcategories do not have detailed descriptions.]