NIST FISMA Tool
RA-7
Risk Response
Control Information
Control Identifier: RA-7
Control Name: Risk Response
Control Text
Respond to findings from security and privacy assessments, monitoring, and audits in accordance with organizational risk tolerance.
Discussion
Organizations have many options for responding to risk including mitigating risk by implementing new controls or strengthening existing controls, accepting risk with appropriate justification or rationale, sharing or transferring risk, or avoiding risk. The risk tolerance of the organization influences risk response decisions and actions. Risk response addresses the need to determine an appropriate response to risk before generating a plan of action and milestones entry. For example, the response may be to accept risk or reject risk, or it may be possible to mitigate the risk immediately so that a plan of action and milestones entry is not needed. However, if the risk response is to mitigate the risk, and the mitigation cannot be completed immediately, a plan of action and milestones entry is generated.