Guide: Risk Assessment Topic Cluster
Risk Assessment
A collection of documents that assists in identifying risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals by determining the probability of occurrence, the resulting impact, and additional security controls that would mitigate this impact.
Document | Title |
---|---|
NIST FIPS 199 | Standards for Security Categorization of Federal Information and Information Systems |
NIST FIPS 191 | Guideline for The Analysis of Local Area Network Security |
NIST SP 800-84 | Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities |
NIST SP 800-60 | Guide for Mapping Types of Information and Information Systems to Security Categories |
NIST SP 800-51 | Use of the Common Vulnerabilities and Exposures (CVE) Vulnerability Naming Scheme |
NIST SP 800-48 | Wireless Network Security: 802.11, Bluetooth, and Handheld Devices |
NIST SP 800-47 | Security Guide for Interconnecting Information Technology Systems |
NIST SP 800-42 | Guideline on Network Security Testing |
SP 800-40, Ver 2 | Creating a Patch and Vulnerability Management Program |
NIST SP 800-37 | Guidelines for the Security Certification and Accreditation of Federal Information Technology Systems |
NIST SP 800-30 | Risk Management Guide for Information Technology Systems |
NIST SP 800-28 | Guidelines on Active Content and Mobile Code |
NIST SP 800-26 | Security Self-Assessment Guide for Information Technology Systems |
NIST SP 800-23 | Guideline to Federal Organizations on Security Assurance and Acquisition/Use of Tested/Evaluated Products |
NIST SP 800-21 Rev 1 | Guideline for Implementing Cryptography in the Federal Government |
NIST SP 800-19 | Mobile Agent Security |
NIST IR 7316 | Assessment of Access Control Systems |
NIST IR 6981 | Policy Expression and Enforcement for Handheld Devices |
NIST SB 2006-02 | Creating A Program To Manage Security Patches and Vulnerabilities: NIST Recommendations For Improving System Security |
NIST SB 2005-10 | National Vulnerability Database: Helping Information Technology System Users and Developers Find Current Information About Cyber Security Vulnerabilities |
NIST SB 2005-05 | Recommended Security Controls For Federal Information Systems: Guidance For Selecting Cost-Effective Controls Using A Risk-Based Process |
NIST SB 2004-07 | Guide For Mapping Types Of Information and Information Systems To Security Categories |
NIST SB 2004-05 | Guide For The Security Certification and Accreditation Of Federal Information Systems |
NIST SB 2004-03 | Federal Information Processing Standard (FIPS) 199, Standards For Security Categorization Of Federal Information and Information Systems |
NIST SB 2004-01 | Computer Security Incidents: Assessing, Managing, and Controlling The Risks |
NIST SB 2003-11 | Network Security Testing |
NIST SB 2003-02 | Secure Interconnections for Information Technology Systems |
NIST SB 2002-10 | Security Patches and The CVE Vulnerability Naming Scheme: Tools To Address Computer System Vulnerabilities |
NIST SB 2002-02 | Risk Management Guidance For Information Technology Systems |
NIST SB 2001-09 | Security Self-Assessment Guide for Information Technology Systems |
Original source for tables: Guide to NIST Security Documents.