Risk Management Strategy and Risk Assessment Program - DoD & Cleared Contractors

Have Questions?
Talk to an ASP Expert at 703-254-3202

Description: An in-depth, comprehensive, professionally developed risk management strategy and risk assessment program. It includes documentation on all essential subject matter for developing a risk management strategy and for performing a risk assessment as required by NIST SP 800-53, Revision 5.

Note: DoD and cleared contractors in industry are required to perform, at a minimum, an annual risk assessment, and one that is specific to an actual 'system'. While the DCSA DAAPM and other related DoD documentation provide examples of a risk assessment (e.g., the Risk Assessment Report in Appendix C of the DAAPM), they do not provide detailed information on, or examples of, the threat sources to be assessed. Developing and documenting that information from scratch can be time-consuming.

As such, the Risk Assessment Program provided within this document lists approximately 110 'Threat Events and Vulnerabilities' that can be used when assessing MUSA (multi-user stand-alone), SUSA (single-user stand-alone), LAN, WAN, or any other type of DoD environment.

Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.

Control Family: Risk Assessment (RA).

Control Mapping: RA-3 (Risk Assessment) and PM-9 (Risk Management Strategy); also satisfies the Risk Assessment Report requirement of DAAPM Appendix C.

Security Control Baseline Coverage: Includes coverage for the Low, Moderate, and High baselines, per NIST SP 800-53B (12-10-2020).

Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can also be used for mapping to DFARS NIST SP 800-171 and CMMC controls, where applicable.

Format: MS Word document (.docx).

Length: 30 pages.

Get access to 100+ NIST RMF security and privacy policy and procedure, program, and plan templates.
