STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
RA-1

Risk Assessment, Rev 5

Policy and Procedures

CCI Identifiers (21)

  • CCI-001037: Develop and document an organization-level; mission/business process-level; system-level risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance.
  • CCI-001038: Disseminate an organization-level; mission/business process-level; system-level risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance to organization-defined personnel or roles.
  • CCI-001039: Review and update the current risk assessment policy in accordance with organization-defined frequency.
  • CCI-001040: Defines the frequency with which to review and update the current risk assessment policy.
  • CCI-001041: Develop and document procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls.
  • CCI-001042: Disseminate risk assessment procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls to organization-defined personnel or roles.
  • CCI-001043: Review and update the current risk assessment procedures in accordance with organization-defined frequency.
  • CCI-001044: Defines the frequency with which to review and update the current risk assessment procedures.
  • CCI-002368: Defines the personnel or roles to whom the organization-level; mission/business process-level; system-level risk assessment policy is disseminated.
  • CCI-002369: Defines the personnel or roles to whom the risk assessment procedures are disseminated.
  • CCI-004603: Develop and document an organization-level; mission/business process-level; system-level risk assessment policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines.
  • CCI-004604: Disseminate an organization-level; mission/business process-level; system-level risk assessment policy that is consistent with applicable laws, Executive Orders, directives, regulations, policies, standards, and guidelines, to organization-defined personnel or roles.
  • CCI-004605: Designate an organization-defined official to manage the development and documentation of the risk assessment policy.
  • CCI-004606: Designate an organization-defined official to manage the dissemination of the risk assessment policy.
  • CCI-004607: Designate an organization-defined official to manage development and documentation of the risk assessment procedures.
  • CCI-004608: Designate an organization-defined official to manage dissemination of the risk assessment procedures.
  • CCI-004609: Defines the official designated to manage the development, documentation, and dissemination of the risk assessment policy and procedures.
  • CCI-004610: Review and update the current risk assessment policy following organization-defined events.
  • CCI-004611: Defines the events following reviewing and updating the current risk assessment policy.
  • CCI-004612: Review and update the current risk assessment procedures following organization-defined events.
  • CCI-004613: Defines the events following reviewing and updating the current risk assessment procedures.

Linked STIG Checks (0)

No STIG checks reference this control.