Guide for Conducting Risk Assessments

Published

Author(s)

Ronald S. Ross

Abstract

The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying out each of the three steps in the risk assessment process (i.e., prepare for the assessment, conduct the assessment, and maintain the assessment) and how risk assessments and other organizational risk management processes complement and inform each other. [Supersedes SP 800-30 (July 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151254]

Citation

Special Publication (NIST SP) - 800-30 Rev 1

Report Number

800-30 Rev 1

Keywords

analysis approach, monitoring risk, risk assessment, risk management, Risk Management Framework, risk model, RMF, threat sources
Created September 17, 2012, Updated November 10, 2018