ID.RA-05: Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization


[ Note: Subcategories do not have detailed descriptions. However NIST has provided the following implementation examples.]

Implementation Examples

1st: 1st Party Risk

Ex1: Develop threat models to better understand risks to the data and identify appropriate risk responses

Ex2: Prioritize cybersecurity resource allocations and investments based on estimated likelihoods and impacts