ID.IM-02
Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
Implementation examples
- Ex1: Identify improvements for future incident response activities based on findings from incident response assessments (e.g., tabletop exercises and simulations, tests, internal reviews, independent audits)
- Ex2: Identify improvements for future business continuity, disaster recovery, and incident response activities based on exercises performed in coordination with critical service providers and product suppliers
- Ex3: Involve internal stakeholders (e.g., senior executives, legal department, HR) in security tests and exercises as appropriate
- Ex4: Perform penetration testing to identify opportunities to improve the security posture of selected high-risk systems as approved by leadership
- Ex5: Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt
- Ex6: Collect and analyze performance metrics using security tools and services to inform improvements to the cybersecurity program
Mapped NIST 800-53 r5 controls (40)
AC-01AT-01AU-01CA-01CA-02CA-05CA-07CA-08CM-01CP-01CP-02CP-04IA-01IR-01IR-03IR-04IR-08MA-01MP-01PE-01PL-01PL-02PM-01PM-04PM-31PS-01PT-01RA-01RA-03RA-05RA-07SA-01SA-08SA-11SC-01SI-01SI-02SI-04SR-01SR-05
Mapped CWE weaknesses (1)
Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.
All informative references (161)
- CCMv4.0: BCR-06
- CCMv4.0: BCR-07
- CCMv4.0: BCR-10
- CCMv4.0: SEF-01
- CCMv4.0: SEF-03
- CCMv4.0: SEF-04
- CCMv4.0: SEF-05
- CCMv4.0: STA-14
- CCMv4.0: TVM-06
- CCMv4.0: UEM-14
- CIS Controls v8.0: 17.7
- CIS Controls v8.1: 17.7
- CRI Profile v2.0: ID.IM-02
- CRI Profile v2.0: ID.IM-02.01
- CRI Profile v2.0: ID.IM-02.02
- CRI Profile v2.0: ID.IM-02.03
- CRI Profile v2.0: ID.IM-02.04
- CRI Profile v2.0: ID.IM-02.05
- CRI Profile v2.0: ID.IM-02.06
- CRI Profile v2.0: ID.IM-02.07
- CRI Profile v2.0: ID.IM-02.08
- CRI Profile v2.0: ID.IM-02.09
- CSF v1.1: ID.SC-5
- CSF v1.1: PR.IP-10
- CSF v1.1: DE.DP-3
- CoP: D2
- ISO/IEC 27001:2022: Mandatory Clause: 9.2
- ISO/IEC 27001:2022: Mandatory Clause: 9.3
- ISO/IEC 27001:2022: Mandatory Clause: 10.1
- ISO/IEC 27001:2022: Mandatory Clause: 10.2
- ISO/IEC 27001:2022: Annex A Controls: 5.19
- ISO/IEC 27001:2022: Annex A Controls: 5.35
- NICE Framework: DD-WRL-004
- NICE Framework: DD-WRL-006
- NICE Framework: DD-WRL-007
- NICE Framework: OG-WRL-009
- NICE Framework: OG-WRL-016
- NICE Framework: PD-WRL-003
- OWASP Top 10 LLM Applications: LLM01-2025
- OWASP Top 10 LLM Applications: LLM05-2025
- PCI DSS: 12.10.2
- PCI DSS: 12.10.6
- PCI DSS: 11.4.4
- PCI DSS: 12.8.4
- SCF: BCD-05
- SCF: CPL-03
- SCF: CPL-03.2
- SCF: IAO-02
- SCF: IAO-05
- SCF: IRO-13
- SCF: TDA-09
- SCF: TDA-09.1
- SCF: TPM-04.1
- SCF: TPM-08
- SDOS: SDOS-AU-01
- SDOS: SDOS-RS-01
- SP 800-171 Rev 3: 03.06.01
- SP 800-171 Rev 3: 03.06.03
- SP 800-171 Rev 3: 03.06.05
- SP 800-171 Rev 3: 03.11.01
- SP 800-171 Rev 3: 03.11.02
- SP 800-171 Rev 3: 03.11.04
- SP 800-171 Rev 3: 03.12.01
- SP 800-171 Rev 3: 03.12.02
- SP 800-171 Rev 3: 03.12.03
- SP 800-171 Rev 3: 03.14.01
- SP 800-171 Rev 3: 03.14.06
- SP 800-171 Rev 3: 03.15.01
- SP 800-171 Rev 3: 03.15.02
- SP 800-171 Rev 3: 03.16.01
- SP 800-171 Rev 3: 03.17.02
- SP 800-221A: GV.CT-3
- SP 800-53 Rev 5.1.1: AC-01
- SP 800-53 Rev 5.1.1: AT-01
- SP 800-53 Rev 5.1.1: AU-01
- SP 800-53 Rev 5.1.1: CA-01
- SP 800-53 Rev 5.1.1: CM-01
- SP 800-53 Rev 5.1.1: CP-01
- SP 800-53 Rev 5.1.1: IA-01
- SP 800-53 Rev 5.1.1: IR-01
- SP 800-53 Rev 5.1.1: MA-01
- SP 800-53 Rev 5.1.1: MP-01
- SP 800-53 Rev 5.1.1: PE-01
- SP 800-53 Rev 5.1.1: PL-01
- SP 800-53 Rev 5.1.1: PM-01
- SP 800-53 Rev 5.1.1: PS-01
- SP 800-53 Rev 5.1.1: PT-01
- SP 800-53 Rev 5.1.1: RA-01
- SP 800-53 Rev 5.1.1: SA-01
- SP 800-53 Rev 5.1.1: SC-01
- SP 800-53 Rev 5.1.1: SI-01
- SP 800-53 Rev 5.1.1: SR-01
- SP 800-53 Rev 5.1.1: CA-02
- SP 800-53 Rev 5.1.1: CA-05
- SP 800-53 Rev 5.1.1: CA-07
- SP 800-53 Rev 5.1.1: CA-08
- SP 800-53 Rev 5.1.1: CP-02
- SP 800-53 Rev 5.1.1: CP-04
- SP 800-53 Rev 5.1.1: IR-03
- SP 800-53 Rev 5.1.1: IR-04
- SP 800-53 Rev 5.1.1: IR-08
- SP 800-53 Rev 5.1.1: PL-02
- SP 800-53 Rev 5.1.1: PM-04
- SP 800-53 Rev 5.1.1: PM-31
- SP 800-53 Rev 5.1.1: RA-03
- SP 800-53 Rev 5.1.1: RA-05
- SP 800-53 Rev 5.1.1: RA-07
- SP 800-53 Rev 5.1.1: SA-08
- SP 800-53 Rev 5.1.1: SA-11
- SP 800-53 Rev 5.1.1: SI-02
- SP 800-53 Rev 5.1.1: SI-04
- SP 800-53 Rev 5.1.1: SR-05
- SP 800-53 Rev 5.2.0: AC-01
- SP 800-53 Rev 5.2.0: AT-01
- SP 800-53 Rev 5.2.0: AU-01
- SP 800-53 Rev 5.2.0: CA-01
- SP 800-53 Rev 5.2.0: CM-01
- SP 800-53 Rev 5.2.0: CP-01
- SP 800-53 Rev 5.2.0: IA-01
- SP 800-53 Rev 5.2.0: IR-01
- SP 800-53 Rev 5.2.0: MA-01
- SP 800-53 Rev 5.2.0: MP-01
- SP 800-53 Rev 5.2.0: PE-01
- SP 800-53 Rev 5.2.0: PL-01
- SP 800-53 Rev 5.2.0: PM-01
- SP 800-53 Rev 5.2.0: PS-01
- SP 800-53 Rev 5.2.0: PT-01
- SP 800-53 Rev 5.2.0: RA-01
- SP 800-53 Rev 5.2.0: SA-01
- SP 800-53 Rev 5.2.0: SC-01
- SP 800-53 Rev 5.2.0: SI-01
- SP 800-53 Rev 5.2.0: SR-01
- SP 800-53 Rev 5.2.0: CA-02
- SP 800-53 Rev 5.2.0: CA-05
- SP 800-53 Rev 5.2.0: CA-07
- SP 800-53 Rev 5.2.0: CA-08
- SP 800-53 Rev 5.2.0: CP-02
- SP 800-53 Rev 5.2.0: CP-04
- SP 800-53 Rev 5.2.0: IR-03
- SP 800-53 Rev 5.2.0: IR-04
- SP 800-53 Rev 5.2.0: IR-08
- SP 800-53 Rev 5.2.0: PL-02
- SP 800-53 Rev 5.2.0: PM-04
- SP 800-53 Rev 5.2.0: PM-31
- SP 800-53 Rev 5.2.0: RA-03
- SP 800-53 Rev 5.2.0: RA-05
- SP 800-53 Rev 5.2.0: RA-07
- SP 800-53 Rev 5.2.0: SA-08
- SP 800-53 Rev 5.2.0: SA-11
- SP 800-53 Rev 5.2.0: SI-02
- SP 800-53 Rev 5.2.0: SI-04
- SP 800-53 Rev 5.2.0: SR-05
- SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
- SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
- SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
- SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
- SP-800-37 Rev 2: RMF Assess Step: TASK A-3 Control Assessments
- SP-800-37 Rev 2: RMF Assess Step: TASK A-4 Assessment Reports
- SP-800-37 Rev 2: RMF Assess Step: TASK A-5 Remediation Actions
- SP-800-37 Rev 2: RMF Assess Step: TASK A-6 Plan of Action and Milestones
- SP-800-37 Rev 2: RMF Monitor Step: TASK M-2 Ongoing Assessments
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).