Develop and document an organization-level; mission/business process-level; system-level risk assessment policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.
No STIG checks reference this CCI.