RSK-05 ยท Risk Ranking

Control Description

Mechanisms exist to identify and assign a risk ranking to newly discovered security vulnerabilities that is based on industry-recognized practices.

Control Question
Assessment question for control validation

Does the organization identify and assign a risk ranking to newly discovered security vulnerabilities that is based on industry-recognized practices?

Control Weighting
9
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Core Control Designations
Special designations and baseline inclusions
MAD: RSK-05
ESP Level 1: RSK-05
ESP Level 2: RSK-05
ESP Level 3: RSK-05
Additional Metadata
Applicability (Process):
x