RA-3(3): Dynamic Threat Awareness

Control Family:

Risk Assessment

Parent Control:

RA-3: Risk Assessment


(Not part of any baseline)

Info icon.

Control is new to this version of the control set.

Control Statement

Determine the current cyber threat environment on an ongoing basis using [Assignment: organization-defined means].

Supplemental Guidance

The threat awareness information that is gathered feeds into the organization's information security operations to ensure that procedures are updated in response to the changing threat environment. For example, at higher threat levels, organizations may change the privilege or authentication thresholds required to perform certain operations.