U.S. flag   An official website of the United States government
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

risk assessment

Abbreviation(s) and Synonym(s):

assessment
Assessment

Definition(s):

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-137 under Risk Assessment CNSSI 4009

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis, and incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-18 Rev. 1 under Risk Assessment NIST SP 800-30

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system.
Source(s):
NIST SP 800-171 Rev. 2 NIST SP 800-30
NIST SP 800-37 Rev. 2
NIST SP 800-171 Rev. 1 [Superseded]

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of a system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-12 Rev. 1 under Risk Assessment NIST SP 800-39

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
CNSSI 4009-2015 NIST SP 800-39
NIST SP 800-30 Rev. 1 under Risk Assessment NIST SP 800-39

  See Security Control Assessment.
Source(s):
NIST SP 800-137 under Assessment
NIST SP 800-37 Rev. 1 under Assessment
NIST SP 800-39 under Assessment
NIST SP 800-53 Rev. 4 under Assessment
NIST SP 800-171 Rev. 2 under assessment
NIST SP 800-171 Rev. 1 under assessment [Superseded]

  The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.
Source(s):
NIST SP 800-33 under risk analysis [Withdrawn]

  See risk analysis
Source(s):
NIST SP 800-33 [Withdrawn]

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place.  Synonymous with risk analysis.
Source(s):
NIST SP 800-39 under Risk Assessment

  See Security Control Assessment or Privacy Control Assessment.
Source(s):
NIST SP 800-53A Rev. 4 under Assessment

  The process of identifying, estimating, and prioritizing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations, resulting from the operation of a system. It is part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-63-3 under Risk Assessment

  See control assessment or risk assessment.
Source(s):
NIST SP 800-37 Rev. 2 under assessment

  See security control assessment or risk assessment.
Source(s):
CNSSI 4009-2015 under assessment NIST SP 800-30 Rev. 1
NIST SP 800-30 Rev. 1 under Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls or privacy controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53A Rev. 4 under Risk Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-37 Rev. 1 under Risk Assessment
NIST SP 800-53 Rev. 4 under Risk Assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NIST SP 800-82 Rev. 2 under Risk Assessment NIST SP 800-30
NISTIR 8183A Vol. 1 under Risk Assessment NIST SP 800-82
NISTIR 8183A Vol. 2 under Risk Assessment NIST SP 800-82
NISTIR 8183A Vol. 3 under Risk Assessment NIST SP 800-82
NISTIR 8183 under Risk Assessment

  The process of identifying risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system. Part of risk management, incorporates threat and vulnerability analyses, and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis.
Source(s):
NIST SP 800-53 Rev. 4 under Risk Assessment

  A completed or planned action of evaluation of an organization, a mission or business process, or one or more systems and their environments; or
Source(s):
NIST SP 800-137A under assessment

  The vehicle or template or worksheet that is used for each evaluation.
Source(s):
NIST SP 800-137A under assessment

  The process of identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact. Part of risk management, synonymous with risk analysis. Incorporates threat and vulnerability analyses.
Source(s):
NISTIR 8183 under Risk Assessment NIST SP 800-82 Rev. 2

  A value that defines an analyzer's estimated level of security risk for using an app. Risk assessments are typically based on the likelihood that a detected vulnerability will be exploited and the impact that the detected vulnerability may have on the app or its related device or network. Risk assessments are typically represented as categories (e.g., low-, moderate-, and high-risk).
Source(s):
NIST SP 800-163 under Risk Assessment [Superseded]

  The process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment.
Source(s):
NIST SP 800-27 Rev. A under risk analysis [Withdrawn]

  See risk analysis.
Source(s):
NIST SP 800-27 Rev. A [Withdrawn]

  The process of identifying the risks to system security and determining the probability of occurrence, the resulting impact, and additional safeguards that would mitigate this impact. Part of Risk Management and synonymous with Risk Analysis.
Source(s):
NIST SP 800-63-2 under Risk Assessment [Superseded]

  Process to comprehend the nature of risk and to determine the level of risk.
Source(s):
NIST SP 800-160 under risk analysis [Superseded] ISO 73

  Overall process of risk identification, risk analysis, and risk evaluation.
Source(s):
NIST SP 800-160 [Superseded] ISO 73