RSK

Risk Management

32 controls

Proactively identify, assess, prioritize and remediate risk through alignment with industry-recognized risk management principles to ensure risk decisions adhere to the organization's risk threshold.

| SCF # | Control Name | Weight | NIST CSF | Frameworks |
|---|---|---|---|---|
| RSK-01 | Risk Management Program | 10 — Critical | Govern | 134 |
| RSK-01.1 | Risk Framing | 9 — Critical | Identify | 57 |
| RSK-01.2 | Risk Management Resourcing | 8 — High | Protect | 4 |
| RSK-01.3 | Risk Tolerance | 9 — Critical | Identify | 17 |
| RSK-01.4 | Risk Threshold | 9 — Critical | Identify | 15 |
| RSK-01.5 | Risk Appetite | 9 — Critical | Identify | 17 |
| RSK-02 | Risk-Based Security Categorization | 9 — Critical | Identify | 77 |
| RSK-02.1 | Impact-Level Prioritization | 9 — Critical | Identify | 31 |
| RSK-03 | Risk Identification | 9 — Critical | Identify | 68 |
| RSK-03.1 | Risk Catalog | 5 — Medium | Protect | 22 |
| RSK-04 | Risk Assessment | 10 — Critical | Identify | 135 |
| RSK-04.1 | Risk Register | 10 — Critical | Identify | 56 |
| RSK-04.2 | Risk Assessment Methodology | 8 — High | Identify | 7 |
| RSK-04.3 | Instances Requiring A Risk Assessment | 9 — Critical | Identify | 1 |
| RSK-04.4 | Risk Assessment Stakeholder Involvement | 8 — High | Protect | 1 |
| RSK-05 | Risk Ranking | 9 — Critical | Identify | 44 |
| RSK-06 | Risk Remediation | 10 — Critical | Identify | 68 |
| RSK-06.1 | Risk Response | 9 — Critical | Identify | 70 |
| RSK-06.2 | Compensating Countermeasures | 9 — Critical | Respond | 48 |
| RSK-06.3 | Risk Treatment Options | 9 — Critical | Protect | 1 |
| RSK-06.4 | Risk Treatment Plan | 9 — Critical | Protect | 1 |
| RSK-07 | Risk Assessment Update | 9 — Critical | Identify | 40 |
| RSK-08 | Business Impact Analysis (BIA) | 8 — High | Identify | 34 |
| RSK-09 | Supply Chain Risk Management (SCRM) Plan | 10 — Critical | Identify | 75 |
| RSK-09.1 | Supply Chain Risk Assessment | 9 — Critical | Identify | 49 |
| RSK-09.2 | AI & Autonomous Technologies Supply Chain Impacts | 8 — High | Protect | 1 |
| RSK-10 | Data Protection Impact Assessment (DPIA) | 9 — Critical | Identify | 53 |
| RSK-11 | Risk Monitoring | 9 — Critical | Detect | 18 |
| RSK-12 | Risk Culture | 4 — Medium | Identify | 6 |
| RSK-13 | Executive Leadership Approval For Managing Material Risk | 9 — Critical | Govern | 1 |
| RSK-13.1 | Documented Alternatives | 9 — Critical | Govern | 1 |
| RSK-13.2 | Documented Justification For Material Risk Management Decisions | 9 — Critical | Govern | 1 |

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.
