800-53|PM-9

Title

RISK MANAGEMENT STRATEGY

Description

The organization:

Supplemental

An organization-wide risk management strategy includes, for example, an unambiguous expression of the risk tolerance for the organization, acceptable risk assessment methodologies, risk mitigation strategies, a process for consistently evaluating risk across the organization with respect to the organization's risk tolerance, and approaches for monitoring risk over time. The use of a risk executive function can facilitate consistent, organization-wide application of the risk management strategy. The organization-wide risk management strategy can be informed by risk-related inputs from other sources both internal and external to the organization to ensure the strategy is both broad-based and comprehensive.

Reference Item Details

Reference: NIST 800-53 - Security and Privacy Controls for Federal Information Systems and Organizations

Related: RA-3

Category: PROGRAM MANAGEMENT

Family: PROGRAM MANAGEMENT

Audit Items

View all Reference Audit Items

Name	Plugin	Audit Name
Building Threat Protection Layers	amazon_aws	Tenable AWS Best Practice Audit
Conclusion	amazon_aws	Tenable AWS Best Practice Audit
Design Your ISMS to Protect Your Assets on AWS	amazon_aws	Tenable AWS Best Practice Audit
Mitigating and Protecting Against DoS & DDoS Attacks	amazon_aws	Tenable AWS Best Practice Audit
Mitigating Compromise and Abuse	amazon_aws	Tenable AWS Best Practice Audit
Test Security	amazon_aws	Tenable AWS Best Practice Audit
Using Additional Application Security Practices	amazon_aws	Tenable AWS Best Practice Audit

Detections

Analytics