NIST CSF 2.0 · All Functions · ID Identify · ID.RA Risk Assessment

ID.RA-09

The authenticity and integrity of hardware and software are assessed prior to acquisition and use

Implementation examples

Ex1: Assess the authenticity and cybersecurity of critical technology products and services prior to acquisition and use

Mapped NIST 800-53 r5 controls (11)

SA-04 SA-05 SA-10 SA-11 SA-15 SA-17 SI-07 SR-05 SR-06 SR-10 SR-11

Mapped CWE weaknesses (2)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

CWE-1224→P CWE-1357←M →P

All informative references (56)

AI-SOC: AI-SOC-21
AI-SOC: AI-SOC-05
CCMv4.0: TVM-09
CRI Profile v2.0: EX.DD-04
CRI Profile v2.0: EX.DD-04.01
CRI Profile v2.0: EX.DD-04.02
CSF v1.1: PR.DS-8
CoP: A5
ISO/IEC 27001:2022: Mandatory Clause: None
ISO/IEC 27001:2022: Annex A Controls: 5.19
ISO/IEC 27001:2022: Annex A Controls: 5.20
ISO/IEC 27001:2022: Annex A Controls: 5.22
NICE Framework: IO-WRL-006
NICE Framework: OG-WRL-014
NICE Framework: OG-WRL-015
NICE Framework: PD-WRL-006
NICE Framework: PD-WRL-007
OWASP Top 10 LLM Applications: LLM03-2025
OWASP Top 10 LLM Applications: LLM04-2025
PCI DSS: 6.4.3
PCI DSS: 9.5.1.1
SCF: AST-15
SCF: TDA-01
SCF: TDA-14
SCF: TDA-14.1
SCF: TDA-14.2
SDOS: SDOS-IA-02
SDOS: SDOS-IN-03
SP 800-171 Rev 3: 03.11.01
SP 800-171 Rev 3: 03.17.02
SP 800-221A: MA.RI-3
SP 800-53 Rev 5.1.1: SA-04
SP 800-53 Rev 5.1.1: SA-05
SP 800-53 Rev 5.1.1: SA-10
SP 800-53 Rev 5.1.1: SA-11
SP 800-53 Rev 5.1.1: SA-15
SP 800-53 Rev 5.1.1: SA-17
SP 800-53 Rev 5.1.1: SI-07
SP 800-53 Rev 5.1.1: SR-05
SP 800-53 Rev 5.1.1: SR-06
SP 800-53 Rev 5.1.1: SR-10
SP 800-53 Rev 5.1.1: SR-11
SP 800-53 Rev 5.2.0: SA-04
SP 800-53 Rev 5.2.0: SA-05
SP 800-53 Rev 5.2.0: SA-10
SP 800-53 Rev 5.2.0: SA-11
SP 800-53 Rev 5.2.0: SA-15
SP 800-53 Rev 5.2.0: SA-17
SP 800-53 Rev 5.2.0: SI-07
SP 800-53 Rev 5.2.0: SR-05
SP 800-53 Rev 5.2.0: SR-06
SP 800-53 Rev 5.2.0: SR-10
SP 800-53 Rev 5.2.0: SR-11
SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-10 Asset Identification
SP-800-37 Rev 2: RMF Assess Step: TASK A-3 Control Assessments
SSDF: PO.5.2

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).