DE.AE-04: The estimated impact and scope of adverse events are understood

Previous Version:


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

Ex1: Use SIEMs or other tools to estimate impact and scope, and review and refine the estimates

Ex2: A person creates their own estimates of impact and scope

1st: 1st Party Risk