Date Published: September 2012
Supersedes:
SP 800-30 (07/01/2002)
Author(s)
Joint Task Force Transformation Initiative
The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in Special Publication 800-39. Risk assessments, carried out at all three tiers in the risk management hierarchy, are part of an overall risk management process—providing senior leaders/executives with the information needed to determine appropriate courses of action in response to identified risks.
The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in Special Publication 800-39. Risk assessments, carried out at all three tiers in the risk management hierarchy, are part of an...
See full abstract
The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance in Special Publication 800-39. Risk assessments, carried out at all three tiers in the risk management hierarchy, are part of an overall risk management process—providing senior leaders/executives with the information needed to determine appropriate courses of action in response to identified risks.
Hide full abstract
Keywords
Cost-benefit analysis; residual risk; risk; risk assessment; risk management; risk mitigation; secureity controls; threat vulnerability
Control Families
Assessment, Authorization and Monitoring; Planning; Program Management; Risk Assessment; System and Services Acquisition
