RA-3 Risk Assessment

Control Description

a. Conduct a risk assessment, including:

   1. Identifying threats to and vulnerabilities in the system;

   2. Determining the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system, the information it processes, stores, or transmits, and any related information; and

   3. Determining the likelihood and impact of adverse effects on individuals arising from the processing of personally identifiable information;

b. Integrate risk assessment results and risk management decisions from the organization and mission or business process perspectives with system-level risk assessments;

c. Document risk assessment results in security and privacy plans; risk assessment report; [Assignment: organization-defined document];

d. Review risk assessment results [Assignment: organization-defined frequency];

e. Disseminate risk assessment results to [Assignment: organization-defined personnel or roles]; and

f. Update the risk assessment [Assignment: organization-defined frequency] or when there are significant changes to the system, its environment of operation, or other conditions that may impact the security or privacy state of the system.

Related Controls
