ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Conduct collaborative lessons learned sessions with suppliers

Ex2: Annually review cybersecurity policies, processes, and procedures to take lessons learned into account

Ex3: Use metrics to assess operational cybersecurity performance over time