NIST CSF 2.0 · All Functions · ID Identify · ID.IM Improvement

ID.IM-03

Improvements are identified from execution of operational processes, procedures, and activities

Implementation examples

Ex1: Conduct collaborative lessons learned sessions with suppliers
Ex2: Annually review cybersecurity policies, processes, and procedures to take lessons learned into account
Ex3: Use metrics to assess operational cybersecurity performance over time

Mapped NIST 800-53 r5 controls (39)

AC-01 AT-01 AU-01 CA-01 CA-02 CA-05 CA-07 CA-08 CM-01 CP-01 CP-02 IA-01 IR-01 IR-04 IR-08 MA-01 MP-01 PE-01 PL-01 PL-02 PM-01 PM-04 PM-31 PS-01 PT-01 RA-01 RA-03 RA-05 RA-07 SA-01 SA-04 SA-08 SA-11 SC-01 SI-01 SI-02 SI-04 SR-01 SR-05

All informative references (163)

CCMv4.0: A&A-01
CCMv4.0: AIS-01
CCMv4.0: AIS-03
CCMv4.0: BCR-01
CCMv4.0: CCC-01
CCMv4.0: CEK-01
CCMv4.0: DCS-01
CCMv4.0: DCS-02
CCMv4.0: DCS-03
CCMv4.0: DCS-04
CCMv4.0: DSP-01
CCMv4.0: GRC-01
CCMv4.0: HRS-01
CCMv4.0: HRS-02
CCMv4.0: HRS-03
CCMv4.0: HRS-04
CCMv4.0: IAM-01
CCMv4.0: IAM-02
CCMv4.0: IPY-01
CCMv4.0: IVS-01
CCMv4.0: LOG-01
CCMv4.0: SEF-01
CCMv4.0: SEF-02
CCMv4.0: SEF-04
CCMv4.0: STA-01
CCMv4.0: TVM-01
CCMv4.0: TVM-02
CCMv4.0: UEM-01
CRI Profile v2.0: ID.IM-03
CRI Profile v2.0: ID.IM-03.01
CRI Profile v2.0: ID.IM-03.02
CSF v1.1: PR.IP-7
CSF v1.1: PR.IP-8
CSF v1.1: DE.DP-5
CSF v1.1: RS.IM-1
CSF v1.1: RS.IM-2
CSF v1.1: RC.IM-1
CSF v1.1: RC.IM-2
ISO/IEC 27001:2022: Mandatory Clause: 9.1
ISO/IEC 27001:2022: Annex A Controls: 5.27
NICE Framework: DD-WRL-003
NICE Framework: DD-WRL-004
NICE Framework: DD-WRL-006
NICE Framework: DD-WRL-007
NICE Framework: IO-WRL-005
NICE Framework: IO-WRL-006
NICE Framework: OG-WRL-016
NICE Framework: PD-WRL-003
PCI DSS: 10.7.1
PCI DSS: 10.7.2
PCI DSS: 11.3.1
PCI DSS: 11.3.2
PCI DSS: 6.3.3
SCF: GOV-05
SCF: BCD-05
SCF: IRO-13
SDOS: SDOS-AU-01
SDOS: SDOS-AU-02
SDOS: SDOS-RS-01
SP 800-171 Rev 3: 03.06.01
SP 800-171 Rev 3: 03.06.05
SP 800-171 Rev 3: 03.11.01
SP 800-171 Rev 3: 03.11.02
SP 800-171 Rev 3: 03.11.04
SP 800-171 Rev 3: 03.12.01
SP 800-171 Rev 3: 03.12.02
SP 800-171 Rev 3: 03.12.03
SP 800-171 Rev 3: 03.14.01
SP 800-171 Rev 3: 03.14.06
SP 800-171 Rev 3: 03.15.01
SP 800-171 Rev 3: 03.15.02
SP 800-171 Rev 3: 03.16.01
SP 800-171 Rev 3: 03.17.02
SP 800-221A: GV.AD-1
SP 800-221A: MA.RM-6
SP 800-221A: MA.IM-1
SP 800-53 Rev 5.1.1: AC-01
SP 800-53 Rev 5.1.1: AT-01
SP 800-53 Rev 5.1.1: AU-01
SP 800-53 Rev 5.1.1: CA-01
SP 800-53 Rev 5.1.1: CM-01
SP 800-53 Rev 5.1.1: CP-01
SP 800-53 Rev 5.1.1: IA-01
SP 800-53 Rev 5.1.1: IR-01
SP 800-53 Rev 5.1.1: MA-01
SP 800-53 Rev 5.1.1: MP-01
SP 800-53 Rev 5.1.1: PE-01
SP 800-53 Rev 5.1.1: PL-01
SP 800-53 Rev 5.1.1: PM-01
SP 800-53 Rev 5.1.1: PS-01
SP 800-53 Rev 5.1.1: PT-01
SP 800-53 Rev 5.1.1: RA-01
SP 800-53 Rev 5.1.1: SA-01
SP 800-53 Rev 5.1.1: SC-01
SP 800-53 Rev 5.1.1: SI-01
SP 800-53 Rev 5.1.1: SR-01
SP 800-53 Rev 5.1.1: CA-02
SP 800-53 Rev 5.1.1: CA-05
SP 800-53 Rev 5.1.1: CA-07
SP 800-53 Rev 5.1.1: CA-08
SP 800-53 Rev 5.1.1: CP-02
SP 800-53 Rev 5.1.1: IR-04
SP 800-53 Rev 5.1.1: IR-08
SP 800-53 Rev 5.1.1: PL-02
SP 800-53 Rev 5.1.1: PM-04
SP 800-53 Rev 5.1.1: PM-31
SP 800-53 Rev 5.1.1: RA-03
SP 800-53 Rev 5.1.1: RA-05
SP 800-53 Rev 5.1.1: RA-07
SP 800-53 Rev 5.1.1: SA-04
SP 800-53 Rev 5.1.1: SA-08
SP 800-53 Rev 5.1.1: SA-11
SP 800-53 Rev 5.1.1: SI-02
SP 800-53 Rev 5.1.1: SI-04
SP 800-53 Rev 5.1.1: SR-05
SP 800-53 Rev 5.2.0: AC-01
SP 800-53 Rev 5.2.0: AT-01
SP 800-53 Rev 5.2.0: AU-01
SP 800-53 Rev 5.2.0: CA-01
SP 800-53 Rev 5.2.0: CM-01
SP 800-53 Rev 5.2.0: CP-01
SP 800-53 Rev 5.2.0: IA-01
SP 800-53 Rev 5.2.0: IR-01
SP 800-53 Rev 5.2.0: MA-01
SP 800-53 Rev 5.2.0: MP-01
SP 800-53 Rev 5.2.0: PE-01
SP 800-53 Rev 5.2.0: PL-01
SP 800-53 Rev 5.2.0: PM-01
SP 800-53 Rev 5.2.0: PS-01
SP 800-53 Rev 5.2.0: PT-01
SP 800-53 Rev 5.2.0: RA-01
SP 800-53 Rev 5.2.0: SA-01
SP 800-53 Rev 5.2.0: SC-01
SP 800-53 Rev 5.2.0: SI-01
SP 800-53 Rev 5.2.0: SR-01
SP 800-53 Rev 5.2.0: CA-02
SP 800-53 Rev 5.2.0: CA-05
SP 800-53 Rev 5.2.0: CA-07
SP 800-53 Rev 5.2.0: CA-08
SP 800-53 Rev 5.2.0: CP-02
SP 800-53 Rev 5.2.0: IR-04
SP 800-53 Rev 5.2.0: IR-08
SP 800-53 Rev 5.2.0: PL-02
SP 800-53 Rev 5.2.0: PM-04
SP 800-53 Rev 5.2.0: PM-31
SP 800-53 Rev 5.2.0: RA-03
SP 800-53 Rev 5.2.0: RA-05
SP 800-53 Rev 5.2.0: RA-07
SP 800-53 Rev 5.2.0: SA-04
SP 800-53 Rev 5.2.0: SA-08
SP 800-53 Rev 5.2.0: SA-11
SP 800-53 Rev 5.2.0: SI-02
SP 800-53 Rev 5.2.0: SI-04
SP 800-53 Rev 5.2.0: SR-05
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
SP-800-37 Rev 2: RMF Assess Step: TASK A-3 Control Assessments
SP-800-37 Rev 2: RMF Assess Step: TASK A-4 Assessment Reports
SP-800-37 Rev 2: RMF Assess Step: TASK A-5 Remediation Actions
SP-800-37 Rev 2: RMF Assess Step: TASK A-6 Plan of Action and Milestones
SP-800-37 Rev 2: RMF Monitor Step: TASK M-2 Ongoing Assessments

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).