Skip to content
    Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst

    Vulns

    NIST CSF Sub-Category ID.RA-01
    Managing vulnerabilities is essential to prevent exploitation and protect critical systems, and normative documents provide the standards and legal frameworks to guide this process. Standards like ISO/IEC 27001 and ISO/IEC 27002 define requirements for vulnerability management, while NIST SP 800-40 specifically provides guidance on patch and vulnerability management for information systems. Agencies such as CISA in the U.S. and ENISA in the EU regularly issue vulnerability alerts and best practices, helping organizations prioritize fixes and mitigations. Compliance with these standards and regulations ensures that vulnerabilities are systematically identified, assessed, and remediated, reducing risk exposure and supporting legal and contractual obligations.