NIST CSF 2.0
Asset Vulnerability Identification
ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded
Ex1: Use vulnerability management technologies to identify unpatched and misconfigured software
Ex2: Assess network and system architectures for design and implementation weaknesses that affect cybersecurity
Ex3: Review, analyze, or test organization-developed software to identify design, coding, and default configuration vulnerabilities
Ex4: Assess facilities that house critical computing assets for physical vulnerabilities and resilience issues
Ex5: Monitor sources of cyber threat intelligence for information on new vulnerabilities in products and services
Ex6: Review processes and procedures for weaknesses that could be exploited to affect cybersecurity