
Disseminate and communicate the risk assessment procedures to interested personnel and affected parties.


CONTROL ID: 14136
CONTROL TYPE: Communicate
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain risk assessment procedures., CC ID: 06446

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., StateRAMP Security Controls Baseline Summary Category 1, Version 1.1)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., StateRAMP Security Controls Baseline Summary Category 2, Version 1.1)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., StateRAMP Security Controls Baseline Summary Category 3, Version 1.1)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., StateRAMP Security Controls Baseline Summary High Sensitivity Level, Version 1.1)
  • As discussed beginning in paragraph 2.56, service organization management may document controls in a variety of ways. The nature and extent of documentation usually varies, depending on the size and complexity of the service organization and its monitoring activities. In some cases, the service audi… (¶ 3.97, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2. High Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2. Low Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2. Moderate Baseline Controls, FedRAMP Baseline Security Controls, 8/28/2018)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., FedRAMP Security Controls High Baseline, Version 5)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., FedRAMP Security Controls Low Baseline, Version 5)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., FedRAMP Security Controls Moderate Baseline, Version 5)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, High Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Low Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Moderate Impact Baseline, October 2020)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Distribute the results of risk framing activities to [Assignment: organization-defined personnel]; and (PM-28b., Control Baselines for Information Systems and Organizations, NIST SP 800-53B, Privacy Control Baseline, October 2020)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Distribute the results of risk framing activities to [Assignment: organization-defined personnel]; and (PM-28b., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161, Revision 1, Appendix A, C-SCRM Level 3 Controls)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2. Low Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2. Moderate Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2. High Baseline Controls, Guide to Industrial Control Systems (ICS) Security, Revision 2)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Distribute the results of risk framing activities to [Assignment: organization-defined personnel]; and (PM-28b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5)
  • Procedures to facilitate the implementation of the risk assessment policy and the associated risk assessment controls; (RA-1a.2., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Distribute the results of risk framing activities to [Assignment: organization-defined personnel]; and (PM-28b., Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-53, Revision 5.1.1)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161, April 2015)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., TX-RAMP Security Controls Baseline Level 1)
  • Procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls; and (RA-1a.2., TX-RAMP Security Controls Baseline Level 2)