Risk Assessment
NIST SP 800-53 Rev 5 Risk Assessment controls.
Policy and Procedures
Develop, document, and disseminate to [parameter]:
Security Categorization
Categorize the system and information it processes, stores, and transmits;
Risk Assessment
Conduct a risk assessment, including:
Risk Assessment Update
Vulnerability Monitoring and Scanning
Monitor and scan for vulnerabilities in the system and hosted applications [parameter] and when new vulnerabilities potentially affecting the system are identified and reported;
Technical Surveillance Countermeasures Survey
Employ a technical surveillance countermeasures survey at [parameter] [parameter].
Risk Response
Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance.
Privacy Impact Assessments
Conduct privacy impact assessments for systems, programs, or other activities before:
Criticality Analysis
Identify critical system components and functions by performing a criticality analysis for [parameter] at [parameter].
Threat Hunting
Establish and maintain a cyber threat hunting capability to: