ID.RA-03: Internal and external threats to the organization are identified and recorded

Previous Version:


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

3rd: 3rd Party Risk

Ex1: Use cyber threat intelligence to maintain awareness of the types of threat actors likely to target the organization and the TTPs they are likely to use

Ex2: Perform threat hunting to look for signs of threat actors within the environment

Ex3: Implement processes for identifying internal threat actors