RSK-01.1 ยท Risk Framing

Control Description

Mechanisms exist to identify: (1) Assumptions affecting risk assessments, risk response and risk monitoring; (2) Constraints affecting risk assessments, risk response and risk monitoring; (3) The organizational risk tolerance; and (4) Priorities, benefits and trade-offs considered by the organization for managing risk.

Control Question
Assessment question for control validation

Does the organization identify: (1) Assumptions affecting risk assessments, risk response and risk monitoring; (2) Constraints affecting risk assessments, risk response and risk monitoring; (3) The organizational risk tolerance; and (4) Priorities, benefits and trade-offs considered by the organization for managing risk?

Control Weighting
9
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Core Control Designations
Special designations and baseline inclusions
MAD: RSK-01.1
ESP Level 1: RSK-01.1
ESP Level 2: RSK-01.1
ESP Level 3: RSK-01.1
Additional Metadata
Applicability (Process):
x