Risk Response from NIST 800-171 Rev 3 framework

SAMMY UI is optimized for resolutions with a width 1024px and higher.

Access Control
Awareness and Training
- Literacy Training and Awareness
- Role-Based Training
Audit and Accountability
Configuration Management
Identification and Authentication
Incident Response
Maintenance
Media Protection
Personnel Security
- Personnel Screening
- Personnel Termination and Transfer
Physical Protection
Risk Assessment
Security Assessment and Monitoring
System and Communications Protection
System and Information Integrity
Planning
System and Services Acquisition
Supply Chain Risk Management

Risk Response

03.11.04: Risk Response

Respond to findings from security assessments, monitoring, and audits.

Description

This requirement addresses the need to determine an appropriate response to risk before generating a plan of action and milestones (POAM) entry. It may be possible to mitigate the risk immediately so that a POAM entry is not needed. However, a POAM entry is generated if the risk response is to mitigate the identified risk and the mitigation cannot be completed immediately.