RA-3(3): Dynamic Threat Awareness

Control Family:

Risk Assessment

Parent Control:

RA-3: Risk Assessment

CSF v1.1 References:

ID.GV-4
ID.RA-1
ID.RA-3
ID.RA-4
ID.RA-5
ID.SC-2
PR.IP-12
DE.AE-4
RS.AN-2
RS.AN-4
RS.MI-3

Baselines:

(Not part of any baseline)

Control is new to this version of the control set.

Control Statement

Determine the current cyber threat environment on an ongoing basis using [Assignment: organization-defined means].

Supplemental Guidance

The threat awareness information that is gathered feeds into the organization's information security operations to ensure that procedures are updated in response to the changing threat environment. For example, at higher threat levels, organizations may change the privilege or authentication thresholds required to perform certain operations.

Control Statement

Supplemental Guidance

Related Controls

NIST Special Publication 800-53 Revision 5