ID.RA-04: Potential impacts and likelihoods of threats exploiting vulnerabilities are identified and recorded

Previous Version:


[Note: Subcategories do not have detailed descriptions. However, NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Business leaders and cybersecurity risk management practitioners work together to estimate the likelihood and impact of risk scenarios and record them in risk registers

Ex2: Enumerate the potential business impacts of unauthorized access to the organization's communications, systems, and data processed in or by those systems

Ex3: Account for the potential impacts of cascading failures for systems of systems