ID.RA-06—Risk responses are chosen, prioritized, planned, tracked, and communicated
>Control Description
This risk assessment subcategory ensures that risk responses are chosen, prioritized, planned, tracked, and communicated. Key activities include: Apply the vulnerability management plan’s criteria for deciding whether to accept, transfer, mitigate, or avoid risk; Apply the vulnerability management plan’s criteria for selecting compensating controls to mitigate risk; Track the progress of risk response implementation (e.
>Cross-Framework Mappings
ISO 27001:2022
via NIST OLIR Catalog>Informative References
Official NIST mappings to external frameworks and standards. Source: NIST CSF 2.0
CCMv4.0
A&A-05
A&A-06
AIS-07
CEK-07
TVM-01
TVM-03
TVM-08
TVM-09
+1 more
CRI Profile v2.0
ID.RA-06
ID.RA-06.01
ID.RA-06.02
ID.RA-06.03
ID.RA-06.04
ID.RA-06.05
ID.RA-06.06
CSF v1.1
ID.RA-6
RS.MI-3
CoP
A5
ISO/IEC 27001:2022
Mandatory Clause: 6.13
Annex A Controls: 5.7
NICE Framework
IO-WRL-006
OG-WRL-010
OG-WRL-011
OG-WRL-013
OG-WRL-014
PD-WRL-006
PD-WRL-007
PCI DSS
6.3.3
11.3.1
11.3.2
12.10.1
SCF
RSK-01.1
RSK-02.1
RSK-06.1
SP 800-171 Rev 3
03.11.04
SP 800-218
PO.5.2
SP 800-221A
MA.RP
SP 800-53 Rev 5.1.1
PM-09
PM-18
PM-30
RA-07
SP 800-53 Rev 5.2.0
PM-09
PM-18
PM-30
RA-07
SP-800-37 Rev 2
RMF Prepare Step (Organization & Mission/Business Levels): TASK P-2 Risk Management Strategy
RMF Assess Step: TASK A-5 Remediation Actions
RMF Assess Step: TASK A-6 Plan of Action and Milestones
RMF Authorize Step: TASK R-3 Risk Response
RMF Monitor Step: TASK M-3 Ongoing Risk Response
RMF Monitor Step: TASK M-6 Ongoing Authorization
Ask AI
Configure your API key to use AI features.