NIST CSF 2.0 · ID Identify
ID.RA-01 Vulnerabilities identified and recorded
Vulnerabilities in assets are identified, validated and recorded.
Mapped across 17 provisions
Equivalent and related requirements in other frameworks and regulations.
- CIS Controls v8EquivalentOfficial mapping
Source: CIS Controls v8 / NIST CSF 2.0
7.1 Establish and maintain a vulnerability management processVulnerability management
- NIST 800-53EquivalentOfficial mapping
Source: NIST CSF 2.0 / SP 800-53 Rev. 5
RA-5 Vulnerability monitoring and scanningVulnerability management
- NIST 800-53PartialOfficial mapping
Source: NIST CSF 2.0 / SP 800-53 Rev. 5
RA-3 Risk assessmentRisk assessment & management
- PCI DSSEquivalentOfficial mapping
Source: PCI DSS v4.0 / NIST CSF 2.0
Req. 11 Test security of systems and networks regularlyVulnerability management
- CCPA / CPRARelatedCurated§1798.150 Duty to implement reasonable security
Risk assessment & management
- Cyber EssentialsEquivalentCuratedCE-5 Security update management
Vulnerability management
- DORARelatedCuratedArt. 6 ICT risk management framework
Risk assessment & management
- Essential EightEquivalentCuratedE8-1 Patch applications
Vulnerability management
- Essential EightEquivalentCuratedE8-2 Patch operating systems
Vulnerability management
- GLBAPartialCurated§314.4(d) Regularly test or monitor safeguards
Vulnerability management
- HIPAARelatedCurated§164.308(a)(1) Security management process
Risk assessment & management
- ISO 27001EquivalentCuratedA.8.8 Management of technical vulnerabilities
Vulnerability management
- LGPDPartialCuratedArt. 46 Security measures
Risk assessment & management
- NIS2RelatedCuratedArt. 21(2)(a) Risk analysis and information system security policies
Risk assessment & management
- NIST 800-171EquivalentCurated3.11.2 Scan for vulnerabilities
Vulnerability management
- NIST 800-171RelatedCurated3.11.1 Periodically assess risk
Risk assessment & management
- SOC 2EquivalentCuratedCC7.1 Vulnerability detection and monitoring
Vulnerability management