Ross, R.
(2012),
Guide for Conducting Risk Assessments, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-30r1 (Accessed April 23, 2026)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Guide for Conducting Risk Assessments
Published
Author(s)
Abstract
The purpose of Special Publication 800-30 is to provide guidance for conducting risk assessments of federal information systems and organizations, amplifying the guidance provided in Special Publication 800-39. This document provides guidance for carrying out each of the three steps in the risk assessment process (i.e., prepare for the assessment, conduct the assessment, and maintain the assessment) and how risk assessments and other organizational risk management processes complement and inform each other. [Supersedes SP 800-30 (July 2002): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151254]Citation
Special Publication (NIST SP) - 800-30 Rev 1
Report Number
800-30 Rev 1
NIST Pub Series
Pub Type
NIST Pubs
Supercedes Publication
Download Paper
Keywords
analysis approach, monitoring risk, risk assessment, risk management, Risk Management Framework, risk model, RMF, threat sources
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created September 17, 2012, Updated January 27, 2020