Does your organization have a process to receive and review cybersecurity threat intelligence from reputable third-party sources?
Explanation
Staying ahead of attackers depends on outside intelligence, and reviewers want to know whether you have a process to receive and review threat intelligence from reputable third parties. Regular review of security advisories helps organizations anticipate potential threats, understand emerging attack vectors, and proactively adjust security controls to address specific risks before they are exploited.
Evidence of fulfillment could include documentation of subscribed threat intelligence feeds (e.g., US-CERT, CISA, industry ISACs), meeting minutes from threat intelligence review sessions, or screenshots of a threat intelligence platform showing recent advisories with annotations on their relevance to your environment.
Implementation Example
Receive and review advisories from reputable third parties on current threat actors and their tactics, techniques, and procedures (TTPs)
ID: ID.RA-02.154
Context
- Function
  - ID: IDENTIFY
- Category
  - ID.RA: Risk Assessment
- Sub-Category
  - Cyber threat intelligence is received from information sharing forums and sources
Related questions
- Does your organization implement vulnerability management tools to detect unpatched software and misconfigurations?
- Does your organization regularly conduct security architecture reviews to identify and remediate design and implementation weaknesses?
- Does your organization conduct security reviews, analysis, or testing of internally developed software to identify vulnerabilities in design, code, and default configurations?
- Has your organization conducted a comprehensive physical security assessment of all facilities housing critical computing assets within the past 12 months?
- Does your organization actively monitor cyber threat intelligence sources for information about new vulnerabilities in your products and services?
- Does your organization regularly conduct vulnerability assessments of business processes and procedures to identify potential cybersecurity weaknesses?

