Risk Management
NIST Risk Assessment Checklist
📋

NIST Risk Assessment Checklist

1
Identify system components that handle sensitive data
2
Determine system categorization based on FIPS 199 standards
3
Identify the types of information stored, transmitted, and processed
4
Determine risk level of system components
5
Evaluate current security controls in place
6
Approval: Evaluate Current Security Controls
7
Identify potential threats and vulnerabilities
8
Evaluate threat impact and vulnerability severity
9
Identify risks to mission/business processes
10
Create a risk assessment report detailing findings
11
Review and verify risk assessment report
12
Approval: Risk Assessment Report
13
Determine appropriate risk responses
14
Develop risk mitigation strategies
15
Implement risk mitigation strategies
16
Monitor implemented strategies for effectiveness
17
Approval: Monitor Implemented Strategies
18
Document changes in risk management plan
19
Review and update risk management plan as necessary
20
Approval: Updated Risk Management Plan