NIST CSF 2.0 · All Functions · ID Identify · ID.RA Risk Assessment

ID.RA-10

Implementation examples

• Ex1: Conduct supplier risk assessments against business and applicable cybersecurity requirements, including the supply chain

Mapped NIST 800-53 r5 controls (1)

Mapped CWE weaknesses (2)

Hover any chip for the human-reviewed coverage assessment in each direction. ← = the CWE covers this subcategory; → = this subcategory covers the CWE. F / M / P = full, mostly, partial.

All informative references (41)

• AI-SOC: AI-SOC-21
• AI-SOC: AI-SOC-05
• CCMv4.0: STA-08
• CRI Profile v2.0: EX.DD-03
• CRI Profile v2.0: EX.DD-03.01
• CRI Profile v2.0: EX.DD-03.02
• CRI Profile v2.0: EX.DD-03.03
• CSF v1.1: ID.SC-2
• CSF v1.1: ID.SC-4
• CoP: A4
• ISO/IEC 27001:2022: Mandatory Clause: None
• ISO/IEC 27001:2022: Annex A Controls: 5.19
• ISO/IEC 27001:2022: Annex A Controls: 5.20
• ISO/IEC 27001:2022: Annex A Controls: 5.22
• NICE Framework: IO-WRL-006
• NICE Framework: OG-WRL-009
• NICE Framework: OG-WRL-013
• NICE Framework: OG-WRL-014
• NICE Framework: OG-WRL-015
• NICE Framework: OG-WRL-016
• NICE Framework: PD-WRL-006
• NICE Framework: PD-WRL-007
• OWASP Top 10 LLM Applications: LLM03-2025
• PCI DSS: 12.8.3
• PCI DSS: 12.8.1
• PCI DSS: 12.8.2
• SCF: TPM-02
• SCF: TPM-04.1
• SDOS: SDOS-IA-02
• SDOS: SDOS-IN-03
• SP 800-171 Rev 3: 03.11.01
• SP 800-221A: GV.CT-2
• SP 800-221A: GV.CT-3
• SP 800-221A: MA.RM-2
• SP 800-221A: MA.RM-3
• SP 800-53 Rev 5.1.1: SR-06
• SP 800-53 Rev 5.2.0: SR-06
• SP 800-81r3: 2.1.2
• SP-800-37 Rev 2: RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
• SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-10 Asset Identification
• SP-800-37 Rev 2: RMF Prepare Step (System Level): TASK P-14 Risk Assessment—System

Source: NIST Cybersecurity Framework 2.0 · CSF 2.0 → 800-53 mappings sourced from NIST Cybersecurity & Privacy Reference Tool (CPRT) · US government work — attribution requested per NIST Open License Terms. Direct CSF→CWE/CVE cross-references will be added in a Phase B LLM-authored mapping pass (not yet rendered).