N
|
controlRA-3

Risk Assessment (RA-3)

Conduct a risk assessment, including: Integrate risk assessment results and risk management decisions from the organization and mission or business process perspectives with system-level risk assessments; Document risk assessment results in [organization-defined]; Review risk assessment results [organization-defined]; Disseminate risk assessment results to [organization-defined] ; and Update the risk assessment [organization-defined] or when there are significant changes to the system, its envir

Security Baselines

LOWMODERATEHIGH
risk-assessmentvulnerabilitythreat

Why These Connect

Baselined In3

This control is included in the linked security baseline (LOW, MODERATE, or HIGH).

Supports65

These related controls work together — a change to one may affect the others.

Enhances4

These enhancements add specific capabilities or refinements to the base control.

Related Controls(37)

AC-21Information Sharing (AC-21)
MH
CA-3Information Exchange (CA-3)
LMH
CA-6Authorization (CA-6)
LMH
CA-7Continuous Monitoring (CA-7)
LMH
CM-4Impact Analyses (CM-4)
LMH
CM-13Data Action Mapping (CM-13)IA-8Identification and Authentication (Non-organizational Users) (IA-8)
LMH
MA-5Maintenance Personnel (MA-5)
LMH
PE-3Physical Access Control (PE-3)
LMH
PE-18Location of System Components (PE-18)
H
PE-23Facility Location (PE-23)PL-2System Security and Privacy Plans (PL-2)
LMH
PL-10Baseline Selection (PL-10)
LMH
PL-11Baseline Tailoring (PL-11)
LMH
PM-8Critical Infrastructure Plan (PM-8)PM-9Risk Management Strategy (PM-9)PM-11Mission and Business Process Definition (PM-11)PM-28Risk Framing (PM-28)PM-31Continuous Monitoring Strategy (PM-31)PM-32Purposing (PM-32)PT-2Authority to Process Personally Identifiable Information (PT-2)PT-5Privacy Notice (PT-5)PT-7Specific Categories of Personally Identifiable Information (PT-7)RA-2Security Categorization (RA-2)
LMH
CP-6Alternate Storage Site (CP-6)
MH
CP-7Alternate Processing Site (CP-7)
MH
PE-8Visitor Access Records (PE-8)
LMH
RA-5Vulnerability Monitoring and Scanning (RA-5)
LMH
RA-7Risk Response (RA-7)
LMH
SA-8Security and Privacy Engineering Principles (SA-8)
LMH
SA-9External System Services (SA-9)
LMH
SC-38Operations Security (SC-38)SI-12Information Management and Retention (SI-12)
LMH
RA-8Privacy Impact Assessments (RA-8)RA-10Threat Hunting (RA-10)SA-24Design For Cyber Resiliency (SA-24)SR-2Supply Chain Risk Management Plan (SR-2)
LMH

Control Enhancements(4)

RA-3(1)Supply Chain Risk Assessment (RA-3(1))
LMH
RA-3(2)Use of All-source Intelligence (RA-3(2))
RA-3(3)Dynamic Threat Awareness (RA-3(3))
RA-3(4)Predictive Cyber Analytics (RA-3(4))

See Also

@SP 800-53 OverviewCompare Baselines