ID.RM-2: Organizational risk tolerance is determined and clearly expressed
PF v1.0 References:
Description
[csf.tools Note: Subcategories do not have detailed descriptions.]
Related Controls
NIST Special Publication 800-53 Revision 5
PM-9: Risk Management Strategy
Develops a comprehensive strategy to manage: Security risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of organizational systems; and Privacy risk to individuals resulting from the authorized processing of personally identifiable information; Implement the risk management strategy consistently across the organization; and Review and update…
Cloud Controls Matrix v3.0.1
GRM-11: Risk Management Framework
Risks shall be mitigated to an acceptable level. Acceptance levels based on risk criteria shall be established and documented in accordance with reasonable resolution time frames and stakeholder approval.
NIST Special Publication 800-53 Revision 4
PM-9: Risk Management Strategy
The organization: Develops a comprehensive strategy to manage risk to organizational operations and assets, individuals, other organizations, and the Nation associated with the operation and use of information systems; Implements the risk management strategy consistently across the organization; and Reviews and updates the risk management strategy [Assignment: organization-defined frequency] or as required, to address organizational…