正
Masanari Global · Risk Intelligence
Comprehensive
Cybersecurity Risk
Assessment Framework
A multi-domain assessment architecture mapping 60 structured questions across
12 security domains — aligned to NIST 800-53 Rev.5, FDA Guidance, EO 14028,
M-23-16, and NIST CSF 2.0.
NIST SP 800-53 Rev. 5 ·
FDA Cybersecurity Guidance ·
Executive Order 14028 ·
M-23-16 / M-22-18 ·
NIST CSF 2.0 ·
Supply Chain Risk Management ·
Vulnerability Disclosure ·
Zero Trust Architecture ·
SBOM Requirements ·
Incident Response ·
NIST SP 800-53 Rev. 5 ·
FDA Cybersecurity Guidance ·
Executive Order 14028 ·
M-23-16 / M-22-18 ·
NIST CSF 2.0 ·
Supply Chain Risk Management ·
Vulnerability Disclosure ·
Zero Trust Architecture ·
SBOM Requirements ·
Incident Response ·
NIST 800-53 Rev. 5
SR-4
RA-5
SA-11
IA-2
SC-28
IR-8
FDA Guidance
TPLC Mgmt §6
CVD §7
Sec. Controls §5
Executive Order 14028
§4(e) SSCS
§4(f) SBOM
§3(c) ZTA
§4(k) Disclosure
M-23-16 / M-22-18
SBOM Req.
MFA §3.d
Logging §4
NIST CSF 2.0
ID.SC
PR.DS
DE.CM
RS.RP
RC.CO
01 · Supply Chain
02 · Vulnerability Mgmt
03 · Secure Development
04 · Auth & Access
05 · Encryption & Keys
06 · Network Security
07 · Incident Response
08 · Patch Management
09 · Asset Management
10 · Third-Party Risk
11 · Cloud Security
12 · Data Protection
Supply Chain Risk Management
5 questions · SR-4 · SR-6 · SR-11 · CM-8
Vulnerability Management & Disclosure
5 questions · RA-5 · SI-2 · IR-8
Secure Development Practices
5 questions · SA-3 · SA-8 · SA-11 · CM-4
Authentication & Access Control
5 questions · IA-2 · AC-2 · AC-6 · SC-12
Encryption & Key Management
5 questions · SC-8 · SC-12 · SC-13 · SC-28
Network Security
5 questions · SC-7 · SI-4 · AC-17 · AC-18
Incident Response & Recovery
5 questions · IR-4 · IR-6 · IR-8 · CP-4
Security Updates & Patch Management
5 questions · SI-2 · RA-5 · CM-3 · SI-5
Asset Management & Inventory
5 questions · CM-8 · PM-5 · RA-2 · SI-4
Third-Party Risk Assessment
5 questions · SA-9 · SR-3 · SR-6 · AC-20
Cloud Security
5 questions · SA-9 · SC-28 · AC-3 · SI-4
Data Protection & Privacy
5 questions · RA-2 · SC-8 · SC-28 · CA-3