RA-3
Risk Assessment
Rev 5
CCI Identifiers (15)
CCI-001048
Conduct a risk assessment, including determining the likelihood and magnitude of harm, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the system, the information it processes, stores, or transmits, and any related information.
CCI-001049
Document risk assessment results in the organization-defined document.
CCI-001050
Review risk assessment results on an organization-defined frequency.
CCI-001051
Defines a frequency for reviewing risk assessment results.
CCI-001052
Update the risk assessment on an organization-defined frequency or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.
CCI-001053
Defines a frequency for updating the risk assessment.
CCI-001642
Defines the organizational document in which risk assessment results are documented (e.g., security plan, privacy plan; risk assessment report).
CCI-002370
Disseminate risk assessment results to organization-defined personnel or roles.
CCI-002371
Defines the personnel or roles to whom the risk assessment results will be disseminated.
CCI-004622
Integrate risk management decisions from the organization.
CCI-004618
Conduct a risk assessment, including identifying threats to the system.
CCI-004619
Conduct a risk assessment, including identifying vulnerabilities in the system.
CCI-004620
Conduct a risk assessment, including determining the likelihood and impact of adverse effects on individuals arising from the processing of personally-identifiable information.
CCI-004621
Integrate risk assessment results from the organization.
CCI-004623
Integrate mission or business process perspectives with system-level risk assessments.
Linked STIG Checks (0)
No STIG checks reference this control.