RSK-08 ยท Business Impact Analysis (BIA)

Control Description

Mechanisms exist to conduct a Business Impact Analysis (BIA) to identify and assess cybersecurity and data protection risks.

Control Question
Assessment question for control validation

Does the organization conduct a Business Impact Analysis (BIA) to identify and assess cybersecurity and data protection risks?

Control Weighting
8
Validation Cadence
Annual
NIST CSF Function
Identify
Supply Chain Risk Management (SCRM) Tiers
Applicable SCRM tier levels for this control
Tier 2 - Operational
Tier 3 - Tactical
Core Control Designations
Special designations and baseline inclusions
MAD: RSK-08
Additional Metadata
Applicability (Process):
x