Skip to content
Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst

RA – Risks Asst

NIST CSF Category ID.RA
Risk assessment is a cornerstone of cybersecurity, and normative documents are essential in providing structured methodologies and legal expectations for evaluating threats, vulnerabilities, and potential impacts. Standards such as ISO/IEC 27005 for information security risk management and NIST SP 800-30 for risk assessment guidance outline best practices for identifying, analyzing, and prioritizing risks to information systems. Regulatory frameworks like the EU NIS2 Directive or the Gramm-Leach-Bliley Act (GLBA) in the U.S. require organizations to perform documented risk assessments as part of compliance obligations. By adhering to these standards and regulations, organizations can make informed decisions on risk mitigation, ensure accountability, and build trust with stakeholders while aligning with national and international cybersecurity expectations.

NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286C Rev. 1, Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight, completes the risk management cycle by detailing how prioritized risks are formally communicated and acted… Read More »NIST IR 8286C Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST IR 8286D, Using Business Impact Analysis to Inform Risk Prioritization and Response, bridges the gap between traditional Business Impact Analysis (BIA) and modern cybersecurity risk management. It provides a… Read More »NIST IR 8286D Using Business Impact Analysis to Inform Risk Prioritization and Response

NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile

The “Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile” is a NIST publication that provides organizations with a practical guide to managing ransomware risks using the updated NIST Cybersecurity… Read More »NIST IR 8374 Rev. 1 Ransomware Risk Management: A Cybersecurity Framework 2.0 Community Profile

COMPLIANCE FORGE Secure Controls Framework (SCF) Control Mapping

The ComplianceForge Secure Controls Framework (SCF) Control Mapping is a comprehensive resource designed to help organizations efficiently align their cybersecurity and privacy controls with multiple regulatory, statutory, and contractual requirements.… Read More »COMPLIANCE FORGE Secure Controls Framework (SCF) Control Mapping

CSA Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration

The Cloud Security Alliance’s (CSA) Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™) is an emerging, cloud-centric threat matrix designed to address the unique and rapidly evolving security risks in cloud… Read More »CSA Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration