Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-30 Rev. 1

Guide for Conducting Risk Assessments

Date Published: September 2012

Supersedes: SP 800-30 (07/01/2002)


Joint Task Force Transformation Initiative



Cost-benefit analysis; residual risk; risk; risk assessment; risk management; risk mitigation; security controls; threat vulnerability
Control Families

Assessment, Authorization and Monitoring; Planning; Program Management; Risk Assessment; System and Services Acquisition


Download URL

Supplemental Material:
SP 800-30 Rev. 1 (EPUB) (epub)
Press Release

Document History:
09/17/12: SP 800-30 Rev. 1 (Final)