Cyber Resilience

NIST 800-53 r5 · Controls catalogue · Family RA

RA-4Risk Assessment Update

Risk Assessment Update

Last updated: 04 July 2026 00:28 UTC

Implementations targeting this control (0)

ATT&CK techniques this control mitigates (0)

Weaknesses this control addresses (5)AI

CWEs ranked by how often they appear in real CVEs. The rationale describes how this control reduces exploitability of each weakness class.

CWE Name CVEs Why this control addresses it
CWE-327Use of a Broken or Risky Cryptographic Algorithm777Risk updates surface newly-broken or risky cryptographic algorithms as threat intelligence and computing advances evolve, enabling timely replacement.
CWE-693Protection Mechanism Failure613Risk assessment updates reveal when existing protection mechanisms have become ineffective against new attack techniques or environmental changes.
CWE-326Inadequate Encryption Strength520Updated assessments identify when previously adequate encryption strength no longer meets current attack capabilities or compliance drivers.
CWE-1104Use of Unmaintained Third Party Components21Periodic risk assessment updates directly detect when third-party components become unmaintained, prompting removal or replacement before attackers can exploit known vulnerabilities.
CWE-477Use of Obsolete Function16Regular reassessment flags use of obsolete functions whose security properties have degraded or whose replacements contain fixes for known weaknesses.

Top CVEs where this control is the strongest mitigation

CVE Risk CVSS EPSS Match
No CVEs annotated to this control yet — the per-CVE backfill is in progress.

Other controls in family RA

RA-1 RA-10 RA-2 RA-3 RA-5 RA-6 RA-7 RA-8 RA-9