ID.RA-01 - Identifying and Recording Asset Vulnerabilities
ID.RA-01 involves identifying, validating, and documenting vulnerabilities in organizational assets, including software, hardware, and facilities. This process uses tools and assessments to pinpoint weaknesses—like unpatched software or physical security gaps—that could be exploited. Recording these vulnerabilities ensures a clear record for tracking and remediation.
This subcategory supports risk management by providing a comprehensive view of potential entry points for threats, enabling prioritized responses. It includes monitoring external intelligence for new vulnerabilities, keeping the organization ahead of emerging risks. ID.RA-01 is a critical first step in understanding and mitigating asset-specific threats.
