ID.RA-03
Internal and external threats to the organization are identified and recorded
Implementation examples
- Ex1: Use cyber threat intelligence to maintain awareness of the types of threat actors likely to target the organization and the TTPs they are likely to use
- Ex2: Perform threat hunting to look for signs of threat actors within the environment
- Ex3: Implement processes for identifying internal threat actors
Mapped NIST 800-53 r5 controls (4)
All informative references (51)
- AI-SOC: AI-SOC-05
- AI-SOC: AI-SOC-13
- CCMv4.0: A&A-05
- CCMv4.0: TVM-05
- CRI Profile v2.0: ID.RA-03
- CRI Profile v2.0: ID.RA-03.01
- CRI Profile v2.0: ID.RA-03.02
- CRI Profile v2.0: ID.RA-03.03
- CRI Profile v2.0: ID.RA-03.04
- CSF v1.1: ID.RA-3
- CoP: A5
- ISO/IEC 27001:2022: Mandatory Clause: 6.1.1
- ISO/IEC 27001:2022: Mandatory Clause: 6.1.2
- ISO/IEC 27001:2022: Mandatory Clause: 6.1.3
- ISO/IEC 27001:2022: Annex A Controls: 5.7
- ISO/IEC 27001:2022: Annex A Controls: 5.22
- ISO/IEC 27001:2022: Annex A Controls: 8.16
- NICE Framework: IO-WRL-006
- NICE Framework: OG-WRL-013
- NICE Framework: OG-WRL-014
- NICE Framework: PD-WRL-006
- NICE Framework: PD-WRL-007
- OWASP Top 10 LLM Applications: LLM01-2025
- OWASP Top 10 LLM Applications: LLM04-2025
- OWASP Top 10 LLM Applications: LLM06-2025
- OWASP Top 10 LLM Applications: LLM10-2025
- PCI DSS: 12.3.1
- SCF: THR-01
- SCF: THR-03
- SCF: THR-04
- SCF: THR-05
- SCF: THR-07
- SDOS: SDOS-AD-01
- SDOS: SDOS-AU-02
- SP 800-171 Rev 3: 03.11.01
- SP 800-171 Rev 3: 03.14.03
- SP 800-221A: MA.RI-2
- SP 800-53 Rev 5.1.1: PM-12
- SP 800-53 Rev 5.1.1: PM-16
- SP 800-53 Rev 5.1.1: RA-03
- SP 800-53 Rev 5.1.1: SI-05
- SP 800-53 Rev 5.2.0: PM-12
- SP 800-53 Rev 5.2.0: PM-16
- SP 800-53 Rev 5.2.0: RA-03
- SP 800-53 Rev 5.2.0: SI-05
- SP 800-81r3: 2.1.3
- SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
- SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
- SP-800-37 Rev 2: RMF Assess Step: TASK A-3 Control Assessments
- SP-800-37 Rev 2: RMF Monitor Step: TASK M-1 System and Environment Changes
- SP-800-37 Rev 2: RMF Monitor Step: TASK M-2 Ongoing Assessments
Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).