Description: In-depth, comprehensive, professionally developed risk management strategy and risk assessment program that includes documentation on all essential subject matter for developing a risk management strategy, along with performing a risk assessment as required by RA-3 and PM-9 of NIST SP 800-53, Revision 5.
Note: Federal contractors are required to perform, at a minimum, an annual risk assessment, and one that is specific to an actual ‘system’. As such, the Risk Assessment Program provided within this document lists approximately 100 ‘Threats’ that can be used when assessing for compliance against NIST SP 800-53, which can include FedRAMP, FISMA, NISP eMASS, etc.
Specifications: Developed in accordance with NIST SP 800-53, Revision 5 (12-10-2020), and other related security control frameworks, where applicable.
Control Family: Risk Assessment (RA).
Control Mapping: RA-3, PM-9.
Security Control Baseline Coverage: Includes coverage for all LOW, MOD, and HIGH Baselines, per NIST SP 800-53B (12-10-2020).
Direct Compliance Use: FISMA, FedRAMP, NISP eMASS RMF, and other related NIST RMF reporting requirements for security and privacy. Can be used for mapping to DFARS NIST 800-171 and CMMC controls, where applicable.