
RM-01 Service Risk Rating Assignment

>Control Description

Annually, Organization prioritizes the frequency of vulnerability discovery activities based on an assigned service risk rating.

Theme: Process

Type: Detective

Policy/Standard: Risk Management Standard

>Implementation Guidance

1. Ensure a Risk Management Standard is in place and documented, and that it defines the frequency of vulnerability discovery activities based on an assigned service risk rating.
2. Ensure all identified vulnerabilities are remediated based on the risk rating.

>Testing Procedure

1. Validate that the organization has a defined vulnerability management standard.
2. For a sample of vulnerabilities, test that each was remediated based on risk ranking.

>Audit Artifacts

E-RM-01
E-RM-02

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
