Does your organization regularly conduct self-assessments of critical services that incorporate current threat intelligence and adversary tactics, techniques, and procedures (TTPs)?
Explanation
Regular self-assessments help identify vulnerabilities in critical services before they can be exploited by threat actors using current attack methods.
These assessments should specifically consider the latest threat intelligence and known TTPs being used by adversaries targeting your industry or similar organizations.
This proactive approach allows organizations to prioritize security improvements based on actual threat data rather than theoretical risks.
Evidence of fulfillment could include documented self-assessment reports that reference specific threat intelligence sources, identify which critical services were assessed, detail the TTPs considered during the assessment, and outline findings and remediation plans with timelines. These reports should demonstrate a regular cadence of assessments (e.g., quarterly or after significant threat landscape changes).
Implementation Example
Perform self-assessments of critical services that take current threats and TTPs into consideration
ID: ID.IM-01.177
Context
- Function: ID (IDENTIFY)
- Category: ID.IM (Improvement)
- Sub-Category: Improvements are identified from evaluations
Related questions
- Has your organization conducted third-party assessments or independent audits of your cybersecurity program within the past 12 months?
- Does your organization utilize automated tools or systems to continuously evaluate compliance with your established cybersecurity requirements?
- Does your organization have a process to identify and implement improvements to incident response procedures based on findings from exercises, tests, and reviews?
- Does your organization have a formal process to identify and implement improvements to business continuity, disaster recovery, and incident response plans based on exercises conducted with critical service providers and suppliers?
- Does your organization involve internal stakeholders (such as senior executives, legal, and HR) in security tests and exercises?
- Does your organization conduct penetration testing on high-risk systems with leadership approval?