ID.IM-01: Improvements are identified from evaluations

This subcategory is new to this version of the framework.


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Perform self-assessments of critical services that take current threats and TTPs into consideration

Ex2: Invest in third-party assessments or independent audits of the effectiveness of the organization's cybersecurity program to identify areas that need improvement

Ex3: Constantly evaluate compliance with selected cybersecurity requirements through automated means