RSK-04 ยท Risk Assessment

Control Description

Mechanisms exist to conduct recurring assessments of risk that includes the likelihood and magnitude of harm, from unauthorized access, use, disclosure, disruption, modification or destruction of the organization's Technology Assets, Applications, Services and/or Data (TAASD).

Control Question
Assessment question for control validation

Does the organization conduct recurring assessments of risk that includes the likelihood and magnitude of harm, from unauthorized access, use, disclosure, disruption, modification or destruction of its Technology Assets, Applications, Services and/or Data (TAASD)?

Control Weighting
10
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 1 - Strategic
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: RSK-04
ESP Level 1: RSK-04
ESP Level 2: RSK-04
ESP Level 3: RSK-04
AI Model: RSK-04
Additional Metadata
Applicability (Process):
x
Errata & Additional Notes

- wordsmithed control