Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

risk assessment

Abbreviations / Acronyms / Synonyms:

assessment
Assessment
RA
risk analysis

Definitions:

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 1800-21B under Risk Assessment
NIST SP 800-137 under Risk Assessment from CNSSI 4009

  Process to comprehend the nature of risk and to determine the level of risk.
Sources:
NIST SP 800-160 Vol. 2 Rev. 1 under risk analysis from ISO Guide 73
NIST SP 800-160v1r1 under risk analysis from ISO Guide 73

  Overall process of risk identification, risk analysis, and risk evaluation.
Sources:
NIST SP 800-160 Vol. 2 Rev. 1 from ISO Guide 73
NIST SP 800-160v1r1 from ISO Guide 73

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses.
Sources:
NIST SP 800-18 Rev. 1 under Risk Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.
Sources:
NIST SP 800-172 from NIST SP 800-30 Rev. 1
NIST SP 800-172A from NIST SP 800-30 Rev. 1
NIST SP 800-37 Rev. 2 from NIST SP 800-30 Rev. 1
NIST SP 800-53 Rev. 5 from NIST SP 800-39
NIST SP 800-53A Rev. 5 from NIST SP 800-39
NIST SP 800-171 Rev. 2

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-12 Rev. 1 under Risk Assessment from NIST SP 800-39

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Sources:
CNSSI 4009-2015 from NIST SP 800-39
NIST SP 800-30 Rev. 1 under Risk Assessment from NIST SP 800-39
NIST IR 8323r1 from NIST SP 800-30 Rev. 1
NIST IR 8441 from NIST SP 800-30 Rev. 1

  See Security Control Assessment.
Sources:
NIST SP 800-137 under Assessment
NIST SP 800-172 under assessment
NIST SP 800-39 under Assessment
NIST SP 800-171 Rev. 2 under assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.  Synonymous with risk analysis.
Sources:
NIST SP 800-39 under Risk Assessment

  The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.
Sources:
NIST SP 1800-10B under Risk Assessment
NIST SP 1800-25B under Risk Assessment
NIST SP 1800-26B under Risk Assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations, resulting from the operation of a system. It is part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-63-3 under Risk Assessment

  See control assessment or risk assessment.
Sources:
NIST SP 800-37 Rev. 2 under assessment
NIST SP 800-53 Rev. 5 under assessment
NIST SP 800-53A Rev. 5 under assessment

  See security control assessment or risk assessment.
Sources:
CNSSI 4009-2015 under assessment from NIST SP 800-30 Rev. 1
NIST SP 800-30 Rev. 1 under Assessment

  A completed or planned action of evaluation of an organization, a mission or business process, or one or more systems and their environments; or
Sources:
NIST SP 800-137A under assessment

  The vehicle or template or worksheet that is used for each evaluation.
Sources:
NIST SP 800-137A under assessment

  Risk management includes threat and vulnerability analyses as well as analyses of adverse effects on individuals arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-53 Rev. 5 from NISTIR 8062 - Adapted
NIST SP 800-53A Rev. 5 from NISTIR 8062 - Adapted

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses and analyses of privacy problems arising from information processing and considers mitigations provided by security and privacy controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-53B from NIST SP 800-39
NIST IR 8401 from NIST SP 800-30 Rev. 1

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system.
Sources:
NIST SP 1800-21C under Risk Assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.
Sources:
NIST SP 1800-11B from NIST SP 800-30 Rev. 1
NIST SP 1800-30B from NIST SP 800-30 Rev. 1
NIST SP 1800-34B from NIST SP 800-30 Rev. 1

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. A part of risk management incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.
Sources:
NIST SP 800-160 Vol. 2 Rev. 1 from NIST SP 800-39 - adapted

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Sources:
NIST SP 800-188 from NIST SP 800-39

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Sources:
NIST SP 800-82r3 from NIST SP 800-39 - adapted

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Sources:
NISTIR 8183 under Risk Assessment from NIST SP 800-82r3

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Sources:
NISTIR 8183 under Risk Assessment
NISTIR 8183 Rev. 1 under Risk Assessment from NIST SP 800-82r3
NISTIR 8183A Vol. 1 under Risk Assessment
NISTIR 8183A Vol. 2 under Risk Assessment
NISTIR 8183A Vol. 3 under Risk Assessment