Analysis: NIST Risk Management Framework 800-53A Parameters and Standardization
- Organization: National Institute of Technology (NIST)
- Data Source: SP 800-53A Assessing Security and Privacy Controls in Information Systems and Organizations
An organization's risk tolerance should be understood to ensure these parameters create a balance of confidentiality, integrity, and availability of information that is agreeable to all the communities of interest. If organizations are following the NIST 800-37 Risk Management Framework steps then their risk management strategy and risk tolerance should already be understood.
The pie chart below displays the ratio of ODP assessment objectives to pre-defined assessment objectives. Here are some summary control baseline percentages:
- LOW = 29.5%
- MODERATE = 30.9%
- HIGH = 32.3%
- Program-Level = 12.1%
You can read my first ODP-related post here.