RA-7

  • Requirement

    Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance.

  • Discussion

    Organizations have many options for responding to risk including mitigating risk by implementing new controls or strengthening existing controls, accepting risk with appropriate justification or rationale, sharing or transferring risk, or avoiding risk. The risk tolerance of the organization influences risk response decisions and actions. Risk response addresses the need to determine an appropriate response to risk before generating a plan of action and milestones entry. For example, the response may be to accept risk or reject risk, or it may be possible to mitigate the risk immediately so that a plan of action and milestones entry is not needed. However, if the risk response is to mitigate the risk, and the mitigation cannot be completed immediately, a plan of action and milestones entry is generated.

More Info

  • Title

    Risk Response
  • Family

    Risk Assessment
  • NIST 800-53B Baseline(s)

    • Low
    • Moderate
    • High
    • Privacy
  • Related NIST 800-53 ID

    CA-5;IR-9;PM-4;PM-28;RA-2;RA-3;SR-2

NIST 800-53A Assessment Guidance

CMMC Training

Our CMMC Overview Course simplifies CMMC. Enroll so you can make informed decisions!