RSK-05
Risk Ranking
Description
Mechanisms exist to identify and assign a risk ranking to newly discovered security vulnerabilities that is based on industry-recognized practices.
Control Question
Does the organization identify and assign a risk ranking to newly discovered security vulnerabilities that is based on industry-recognized practices?
Control Metadata
Domain: Risk Management
Validation Cadence: Annual
Evidence Request List: E-RSK-04
Framework Mappings
This control maps to the following compliance frameworks:
MAS TRM: 4.2.1
HKIA GL20: 1.1, 1.2, 1.3, 1.4, 1.5, 2.1, 2.2, 2.3
