NIST CSF 2.0 · All Functions · ID Identify · ID.IM Improvement

ID.IM-01

Implementation examples

• Ex1: Perform self-assessments of critical services that take current threats and TTPs into consideration
• Ex2: Invest in third-party assessments or independent audits of the effectiveness of the organization's cybersecurity program to identify areas that need improvement
• Ex3: Constantly evaluate compliance with selected cybersecurity requirements through automated means

Mapped NIST 800-53 r5 controls (37)

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

All informative references (140)

• CCMv4.0: A&A-02
• CCMv4.0: A&A-03
• CCMv4.0: A&A-04
• CCMv4.0: A&A-05
• CCMv4.0: CEK-09
• CCMv4.0: SEF-04
• CCMv4.0: SEF-05
• CCMv4.0: STA-06
• CCMv4.0: STA-11
• CCMv4.0: STA-13
• CRI Profile v2.0: ID.IM-01
• CRI Profile v2.0: ID.IM-01.01
• CRI Profile v2.0: ID.IM-01.02
• CRI Profile v2.0: ID.IM-01.03
• CRI Profile v2.0: ID.IM-01.04
• CRI Profile v2.0: ID.IM-01.05
• Guardian-SDK: GS-PO-02
• ISO/IEC 27001:2022: Mandatory Clause: 9.2
• ISO/IEC 27001:2022: Mandatory Clause: 10.1
• ISO/IEC 27001:2022: Mandatory Clause: 10.2
• ISO/IEC 27001:2022: Annex A Controls: 5.35
• NICE Framework: DD-WRL-004
• NICE Framework: DD-WRL-006
• NICE Framework: DD-WRL-007
• NICE Framework: DD-WRL-008
• NICE Framework: OG-WRL-016
• NICE Framework: PD-WRL-003
• PCI DSS: 12.4.2
• PCI DSS: 12.4.2.1
• PCI DSS: 12.3.1
• PCI DSS: 12.3.4
• SCF: CPL-03
• SCF: CPL-03.2
• SCF: IAO-02
• SCF: IAO-05
• SCF: TDA-09
• SCF: TDA-09.1
• SCF: TPM-04.1
• SCF: TPM-08
• SDOS: SDOS-AU-01
• SDOS: SDOS-RS-01
• SP 800-171 Rev 3: 03.06.01
• SP 800-171 Rev 3: 03.06.05
• SP 800-171 Rev 3: 03.11.01
• SP 800-171 Rev 3: 03.11.02
• SP 800-171 Rev 3: 03.11.04
• SP 800-171 Rev 3: 03.12.01
• SP 800-171 Rev 3: 03.12.02
• SP 800-171 Rev 3: 03.12.03
• SP 800-171 Rev 3: 03.14.01
• SP 800-171 Rev 3: 03.14.06
• SP 800-171 Rev 3: 03.15.01
• SP 800-171 Rev 3: 03.15.02
• SP 800-171 Rev 3: 03.16.01
• SP 800-171 Rev 3: 03.17.02
• SP 800-53 Rev 5.1.1: AC-01
• SP 800-53 Rev 5.1.1: AT-01
• SP 800-53 Rev 5.1.1: AU-01
• SP 800-53 Rev 5.1.1: CA-01
• SP 800-53 Rev 5.1.1: CM-01
• SP 800-53 Rev 5.1.1: CP-01
• SP 800-53 Rev 5.1.1: IA-01
• SP 800-53 Rev 5.1.1: IR-01
• SP 800-53 Rev 5.1.1: MA-01
• SP 800-53 Rev 5.1.1: MP-01
• SP 800-53 Rev 5.1.1: PE-01
• SP 800-53 Rev 5.1.1: PL-01
• SP 800-53 Rev 5.1.1: PM-01
• SP 800-53 Rev 5.1.1: PS-01
• SP 800-53 Rev 5.1.1: PT-01
• SP 800-53 Rev 5.1.1: RA-01
• SP 800-53 Rev 5.1.1: SA-01
• SP 800-53 Rev 5.1.1: SC-01
• SP 800-53 Rev 5.1.1: SI-01
• SP 800-53 Rev 5.1.1: SR-01
• SP 800-53 Rev 5.1.1: CA-02
• SP 800-53 Rev 5.1.1: CA-05
• SP 800-53 Rev 5.1.1: CA-07
• SP 800-53 Rev 5.1.1: CA-08
• SP 800-53 Rev 5.1.1: CP-02
• SP 800-53 Rev 5.1.1: IR-04
• SP 800-53 Rev 5.1.1: IR-08
• SP 800-53 Rev 5.1.1: PL-02
• SP 800-53 Rev 5.1.1: RA-03
• SP 800-53 Rev 5.1.1: RA-05
• SP 800-53 Rev 5.1.1: RA-07
• SP 800-53 Rev 5.1.1: SA-08
• SP 800-53 Rev 5.1.1: SA-11
• SP 800-53 Rev 5.1.1: SA-17(06)
• SP 800-53 Rev 5.1.1: SI-02
• SP 800-53 Rev 5.1.1: SI-04
• SP 800-53 Rev 5.1.1: SR-05
• SP 800-53 Rev 5.2.0: AC-01
• SP 800-53 Rev 5.2.0: AT-01
• SP 800-53 Rev 5.2.0: AU-01
• SP 800-53 Rev 5.2.0: CA-01
• SP 800-53 Rev 5.2.0: CM-01
• SP 800-53 Rev 5.2.0: CP-01
• SP 800-53 Rev 5.2.0: IA-01
• SP 800-53 Rev 5.2.0: IR-01
• SP 800-53 Rev 5.2.0: MA-01
• SP 800-53 Rev 5.2.0: MP-01
• SP 800-53 Rev 5.2.0: PE-01
• SP 800-53 Rev 5.2.0: PL-01
• SP 800-53 Rev 5.2.0: PM-01
• SP 800-53 Rev 5.2.0: PS-01
• SP 800-53 Rev 5.2.0: PT-01
• SP 800-53 Rev 5.2.0: RA-01
• SP 800-53 Rev 5.2.0: SA-01
• SP 800-53 Rev 5.2.0: SC-01
• SP 800-53 Rev 5.2.0: SI-01
• SP 800-53 Rev 5.2.0: SR-01
• SP 800-53 Rev 5.2.0: CA-02
• SP 800-53 Rev 5.2.0: CA-05
• SP 800-53 Rev 5.2.0: CA-07
• SP 800-53 Rev 5.2.0: CA-08
• SP 800-53 Rev 5.2.0: CP-02
• SP 800-53 Rev 5.2.0: IR-04
• SP 800-53 Rev 5.2.0: IR-08
• SP 800-53 Rev 5.2.0: PL-02
• SP 800-53 Rev 5.2.0: RA-03
• SP 800-53 Rev 5.2.0: RA-05
• SP 800-53 Rev 5.2.0: RA-07
• SP 800-53 Rev 5.2.0: SA-08
• SP 800-53 Rev 5.2.0: SA-11
• SP 800-53 Rev 5.2.0: SA-17(06)
• SP 800-53 Rev 5.2.0: SI-02
• SP 800-53 Rev 5.2.0: SI-04
• SP 800-53 Rev 5.2.0: SR-05
• SP 800-81r3: 1.2
• SP 800-81r3: 3.8.5
• SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
• SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
• SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
• SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
• SP-800-37 Rev 2: RMF Assess Step: TASK A-3 Control Assessments
• SP-800-37 Rev 2: RMF Assess Step: TASK A-4 Assessment Reports
• SP-800-37 Rev 2: RMF Assess Step: TASK A-5 Remediation Actions
• SP-800-37 Rev 2: RMF Assess Step: TASK A-6 Plan of Action and Milestones
• SP-800-37 Rev 2: RMF Monitor Step: TASK M-2 Ongoing Assessments

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).