|
RA-01
|
Policy and Procedures |
|
|
|
|
|
RA-02
|
Security Categorization |
|
|
|
|
|
RA-02(01)
|
Impact-level Prioritization |
|
|
|
|
|
RA-03
|
Risk Assessment |
|
|
|
|
|
RA-03(01)
|
Supply Chain Risk Assessment |
|
|
|
|
|
RA-03(02)
|
Use of All-source Intelligence |
|
|
|
|
|
RA-03(03)
|
Dynamic Threat Awareness |
|
|
|
|
|
RA-03(04)
|
Predictive Cyber Analytics |
|
|
|
|
|
RA-04
|
Risk Assessment Update |
Incorporated into
RA-3.
|
|
RA-05
|
Vulnerability Monitoring and Scanning |
|
|
|
|
|
RA-05(01)
|
Update Tool Capability |
Incorporated into
RA-5.
|
|
RA-05(02)
|
Update Vulnerabilities to Be Scanned |
|
|
|
|
|
RA-05(03)
|
Breadth and Depth of Coverage |
|
|
|
|
|
RA-05(04)
|
Discoverable Information |
|
|
|
|
|
RA-05(05)
|
Privileged Access |
|
|
|
|
|
RA-05(06)
|
Automated Trend Analyses |
|
|
|
|
|
RA-05(07)
|
Automated Detection and Notification of Unauthorized Components |
Incorporated into
CM-8.
|
|
RA-05(08)
|
Review Historic Audit Logs |
|
|
|
|
|
RA-05(09)
|
Penetration Testing and Analyses |
Incorporated into
CA-8.
|
|
RA-05(10)
|
Correlate Scanning Information |
|
|
|
|
|
RA-05(11)
|
Public Disclosure Program |
|
|
|
|
|
RA-06
|
Technical Surveillance Countermeasures Survey |
|
|
|
|
|
RA-07
|
Risk Response |
|
|
|
|
|
RA-08
|
Privacy Impact Assessments |
|
|
|
|
|
RA-09
|
Criticality Analysis |
|
|
|
|
|
RA-10
|
Threat Hunting |
|
|
|
|