DE.AE-04
The estimated impact and scope of adverse events are understood
Implementation examples
- Ex1: Use SIEMs or other tools to estimate impact and scope, and review and refine the estimates
- Ex2: A person creates their own estimates of impact and scope
Mapped NIST 800-53 r5 controls (5)
Mapped CWE weaknesses (3)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
All informative references (39)
- AI-SOC: AI-SOC-06
- AI-SOC: AI-SOC-13
- CCMv4.0: LOG-03
- CCMv4.0: SEF-05
- CCMv4.0: SEF-06
- CRI Profile v2.0: DE.AE-04
- CRI Profile v2.0: DE.AE-04.01
- CSF v1.1: DE.AE-4
- Guardian-SDK: GS-PF-04
- ISO/IEC 27001:2022: Mandatory Clause: None
- ISO/IEC 27001:2022: Annex A Controls: 5.25
- NICE Framework: DD-WRL-004
- NICE Framework: IO-WRL-006
- NICE Framework: OG-WRL-002
- NICE Framework: OG-WRL-012
- NICE Framework: PD-WRL-001
- NICE Framework: PD-WRL-006
- OWASP Top 10 LLM Applications: LLM01-2025
- OWASP Top 10 LLM Applications: LLM02-2025
- OWASP Top 10 LLM Applications: LLM04-2025
- PCI DSS: 10.2.1
- PCI DSS: 10.4.1
- PCI DSS: 1.2.3
- PCI DSS: 1.2.4
- PCI DSS: 12.5.1
- SCF: IRO-02
- SCF: IRO-02.4
- SDOS: SDOS-AU-01
- SDOS: SDOS-RM-01
- SP 800-53 Rev 5.1.1: PM-09
- SP 800-53 Rev 5.1.1: PM-11
- SP 800-53 Rev 5.1.1: PM-18
- SP 800-53 Rev 5.1.1: PM-28
- SP 800-53 Rev 5.1.1: PM-30
- SP 800-53 Rev 5.2.0: PM-09
- SP 800-53 Rev 5.2.0: PM-11
- SP 800-53 Rev 5.2.0: PM-18
- SP 800-53 Rev 5.2.0: PM-28
- SP 800-53 Rev 5.2.0: PM-30
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).