ID.RM-2

Standard

Standard Version

NIST CSF

(v1.1)

Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

Organizational risk tolerance is determined and clearly expressed