GV.RM-06—A standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated
Control Description
This risk management strategy subcategory ensures that a standardized method for calculating, documenting, categorizing, and prioritizing cybersecurity risks is established and communicated. Key activities include:
- Establish criteria for using a quantitative approach to cybersecurity risk analysis, and specify probability and exposure formulas.
- Create and use templates (e
- Establish criteria for risk prioritization at the appropriate levels within the enterprise.
Cross-Framework Mappings
NIST SP 800-53 r5 (via NIST CSF 2.0 Concept Crosswalk)
PCI DSS v4.0.1 (via NIST OLIR Catalog)
ISO 27001:2022 (via NIST OLIR Catalog)
Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
GRC-02
TVM-08
IVS-08
CRI Profile v2.0
GV.RM-06
GV.RM-06.01
CSF v1.1
ID.RM-1
ISO/IEC 27001:2022
Mandatory Clause: 6.1.2
Annex A Controls: 5.1
NICE Framework
DD-WRL-006
IO-WRL-003
IO-WRL-006
OG-WRL-002
OG-WRL-007
OG-WRL-010
OG-WRL-012
OG-WRL-013
PCI DSS
12.3.1
12.3.2
10.4.2.1
11.3.1.1
11.6.1
12.10.4.1
5.2.3.1
5.3.2.1
SCF
RSK-01
RSK-01.1
RSK-04
SP 800-171 Rev 3
03.11.01
SP 800-221A
GV.RR-2
SP 800-53 Rev 5.1.1
PM-09
PM-18
PM-28
PM-30
RA-03
SP 800-53 Rev 5.2.0
PM-09
PM-18
PM-28
PM-30
RA-03
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-3 Risk Assessment—Organization
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-7 Continuous Monitoring Strategy—O