⚠️ RA — Risk Assessment
Periodically assess, respond to, and monitor organizational risk
← Back to all domains3 Practices
L2 RA.L2-3.11.1
Periodically assess the risk to organizational operations, assets, and individuals
This practice requires organizations to regularly evaluate the risks that could affect their operations, assets, and people. It’s about understanding ...
Level 2 — Advanced
View Control →
L2 RA.L2-3.11.2
Scan for vulnerabilities in organizational systems and applications
This practice requires organizations to actively scan their systems and applications for vulnerabilities—weaknesses that could be exploited by attacke...
Level 2 — Advanced
View Control →
L2 RA.L2-3.11.3
Remediate vulnerabilities in accordance with risk assessments
This control requires organizations to fix identified vulnerabilities based on the severity and risk they pose to the organization. It means that once...
Level 2 — Advanced
View Control →