U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

RA

Abbreviation(s) and Synonym(s):

Definition(s):

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 1800-21B under Risk Assessment from NIST SP 800-53 Rev. 4
NIST SP 800-137 under Risk Assessment from CNSSI 4009

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-18 Rev. 1 under Risk Assessment from NIST SP 800-30

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-12 Rev. 1 under Risk Assessment from NIST SP 800-39

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-30 Rev. 1 under Risk Assessment from NIST SP 800-39

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.  Synonymous with risk analysis.
Source(s):
NIST SP 800-39 under Risk Assessment

  The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.
Source(s):
NIST SP 1800-25B under Risk Assessment from NIST SP 800-63-2
NIST SP 1800-26B under Risk Assessment from NIST SP 800-63-2
NIST SP 800-63-2 [Superseded] under Risk Assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations, resulting from the operation of a system. It is part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-63-3 under Risk Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls or privacy controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53A Rev. 4 under Risk Assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-82 Rev. 2 under Risk Assessment from NIST SP 800-30
NISTIR 8183 under Risk Assessment
NISTIR 8183 Rev. 1 under Risk Assessment from NIST SP 800-82 Rev. 2
NISTIR 8183A Vol. 1 under Risk Assessment from NIST SP 800-82
NISTIR 8183A Vol. 2 under Risk Assessment from NIST SP 800-82
NISTIR 8183A Vol. 3 under Risk Assessment from NIST SP 800-82

  An entity authorized by the certification authority system (CAS) to collect, verify, and submit information provided by potential subscribers, which is to be entered into public key certificates. The term RA refers to hardware, software, and individuals that collectively perform this function.
Source(s):
NIST SP 1800-16D under Registration Authority from CNSSI 4009-2015

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.
Source(s):
NIST SP 1800-21C under Risk Assessment

  An organization approved by ISO/IEC for performing registration.
Source(s):
NISTIR 5308 under Registration Authority from ISO/IEC JTC1 N820

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NISTIR 8183 under Risk Assessment from NIST SP 800-82 Rev. 2

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NISTIR 8323 under Risk Assessment from NIST SP 800-30 Rev. 1

  A value that defines an analyzer's estimated level of security risk for using an app. Risk assessments are typically based on the likelihood that a detected vulnerability will be exploited and the impact that the detected vulnerability may have on the app or its related device or network. Risk assessments are typically represented as categories (e.g., low-, moderate-, and high-risk).
Source(s):
NIST SP 800-163 [Superseded] under Risk Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-37 Rev. 1 [Superseded] under Risk Assessment
NIST SP 800-53 Rev. 4 [Superseded] under Risk Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53 Rev. 4 [Superseded] under Risk Assessment