Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst
Controls
NIST CSF Function ID.RA-05
Controls — technical, administrative, and physical measures to protect assets — are highly dependent on normative documents to ensure consistency, effectiveness, and compliance. Standards like ISO/IEC 27001 Annex A provide a comprehensive catalog of security controls, while NIST SP 800-53 offers detailed control families for federal information systems. Regulators and agencies such as CISA in the U.S. or ENISA in the EU often reference these frameworks when defining minimum security requirements for organizations. By following these normative documents, organizations can implement proven safeguards, reduce vulnerabilities, and demonstrate adherence to legal and industry expectations, thereby strengthening their overall security posture.