NIST CSF 2.0 · All Functions · ID Identify · ID.RA Risk Assessment

ID.RA-05

Threats, vulnerabilities, likelihoods, and impacts are used to understand inherent risk and inform risk response prioritization

Implementation examples

Ex1: Develop threat models to better understand risks to the data and identify appropriate risk responses
Ex2: Prioritize cybersecurity resource allocations and investments based on estimated likelihoods and impacts

Mapped NIST 800-53 r5 controls (4)

PM-16 RA-02 RA-03 RA-07

Mapped CWE weaknesses (1)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1357→P

All informative references (50)

CCMv4.0: A&A-05
CCMv4.0: BCR-02
CCMv4.0: CEK-07
CCMv4.0: CEK-20
CCMv4.0: TVM-01
CCMv4.0: TVM-08
CRI Profile v2.0: ID.RA-05
CRI Profile v2.0: ID.RA-05.01
CRI Profile v2.0: ID.RA-05.02
CRI Profile v2.0: ID.RA-05.03
CRI Profile v2.0: ID.RA-05.04
CSF v1.1: ID.RA-5
CoP: A5
Guardian-SDK: GS-TT-09
ISO/IEC 27001:2022: Mandatory Clause: 6.1.1
ISO/IEC 27001:2022: Mandatory Clause: 6.1.2
ISO/IEC 27001:2022: Mandatory Clause: 6.1.3
ISO/IEC 27001:2022: Annex A Controls: 5.7
NICE Framework: DD-WRL-008
NICE Framework: IO-WRL-006
NICE Framework: OG-WRL-013
NICE Framework: OG-WRL-014
NICE Framework: PD-WRL-006
NICE Framework: PD-WRL-007
PCI DSS: 12.3.1
PCI DSS: 6.3.1
PCI DSS: 6.3.3
PCI DSS: 11.3.1.1
SCF: RSK-01.1
SCF: RSK-02.1
SCF: RSK-04
SCF: RSK-06.1
SDOS: SDOS-RM-01
SDOS: SDOS-RM-03
SP 800-171 Rev 3: 03.11.01
SP 800-171 Rev 3: 03.11.04
SP 800-221A: MA.RA-2
SP 800-53 Rev 5.1.1: PM-16
SP 800-53 Rev 5.1.1: RA-02
SP 800-53 Rev 5.1.1: RA-03
SP 800-53 Rev 5.1.1: RA-07
SP 800-53 Rev 5.2.0: PM-16
SP 800-53 Rev 5.2.0: RA-02
SP 800-53 Rev 5.2.0: RA-03
SP 800-53 Rev 5.2.0: RA-07
SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System
SP-800-37 Rev 2: RMF Authorize Step: TASK R-2 Risk Analysis and Determination
SP-800-37 Rev 2: RMF Authorize Step: TASK R-3 Risk Response
SSDF: PW.1.1

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).