CCI-004633

Defines the systems or system components for employing advanced automation and analytics capabilities.

Implementation Guidance

Determine if: - [RA-03(04)_ODP[01]; advanced automation capabilities to predict and identify risks are defined] are employed to predict and identify risks to [RA-03(04)_ODP[02]; systems or system components where advanced automation and analytics capabilities are to be employed are defined]. - [RA-03(04)_ODP[03]; advanced analytics capabilities to predict and identify risks are defined] are employed to predict and identify risks to [RA-03(04)_ODP[02]; systems or system components where advanced automation and analytics capabilities are to be employed are defined].

Validation Procedures

Examine: [SELECT FROM: Risk assessment policy; security planning policy and procedures; procedures addressing organizational assessments of risk; risk assessment; risk assessment results; risk assessment reviews; risk assessment updates; risk reports; system security plan; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with risk assessment responsibilities; organizational personnel with security responsibilities]. Test: [SELECT FROM: Organizational processes for risk assessment; mechanisms supporting and/or conducting, documenting, reviewing, disseminating, and updating the risk assessment].

The controls below (if any) were marked by NIST as being related to CCI-004633.