Skip to content
Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst

RA – Risks Asst

NIST CSF Category ID.RA
Risk assessment is a cornerstone of cybersecurity, and normative documents are essential in providing structured methodologies and legal expectations for evaluating threats, vulnerabilities, and potential impacts. Standards such as ISO/IEC 27005 for information security risk management and NIST SP 800-30 for risk assessment guidance outline best practices for identifying, analyzing, and prioritizing risks to information systems. Regulatory frameworks like the EU NIS2 Directive or the Gramm-Leach-Bliley Act (GLBA) in the U.S. require organizations to perform documented risk assessments as part of compliance obligations. By adhering to these standards and regulations, organizations can make informed decisions on risk mitigation, ensure accountability, and build trust with stakeholders while aligning with national and international cybersecurity expectations.

NIST SP 800-221 Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio

NIST SP 800-221 serves as the critical functional bridge between enterprise-level strategy and technical delivery, focusing on the Enterprise Impact of Information and Communications Technology (ICT) Risk. It moves beyond… Read More »NIST SP 800-221 Enterprise Impact of Information and Communications Technology Risk: Governing and Managing ICT Risk Programs Within an Enterprise Risk Portfolio

NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations

NIST Special Publication 800-53 (NIST SP 800-53) provides a comprehensive catalog of security and privacy controls designed to protect federal information systems and organizations from a wide range of risks. The… Read More »NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations

MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

The MITRE Common Attack Pattern Enumeration and Classification (CAPEC) is a publicly available, comprehensive catalog that documents and categorizes common attack patterns used by adversaries to exploit software and systems.… Read More »MITRE CAPEC – Common Attack Pattern Enumeration and Classification Version 3.9

NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View

NIST SP 800-39 serves as the overarching flagship for information security risk management, providing the high-level governance necessary to align cybersecurity efforts with an organization’s core mission and business objectives.… Read More »NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View