Improvement (ID.IM)

The cybersecurity risk to the organization, assets, and individuals is understood by the organization

Subcategories

Improvements are identified from evaluations

Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties

Improvements are identified from execution of operational processes, procedures, and activities

Incident response plans and other cybersecurity plans that affect operations are established, communicated, maintained, and improved

Frameworks and Controls

NIST Cybersecurity Framework V2.0