ID.RM-3

Standard

Standard Version

NIST CSF

(v1.1)

Risk Management Strategy (ID.RM): The organization’s priorities, constraints, risk tolerances, and assumptions are established and used to support operational risk decisions.

The organization’s determination of risk tolerance is informed by its role in critical infrastructure and sector specific risk analysis