
Risk Management Strategy and Risk Assessment Program - DoD & Cleared Contractors
Description: In-depth, comprehensive, professionally developed risk management strategy and risk assessment program that includes documentation on all essential subject matter for developing a risk management strategy, along with performing a risk assessment as required by NIST SP 800-53, Revision 5. Note: DoD & Cleared contractors in industry are required to perform, at a minimum, an annual risk assessment, and one that is specific to an actual ‘system’. While the DCSA DAAPM and other related DoD documentation provide examples of a risk assessment (i.e., Risk Assessment Report – Appendix C of the DAAPM), they do not provide detailed information – and examples – of the threat sources. Developing and documenting such information can be time-consuming. As such, the Risk Assessment Program provided within this document lists approximately 110 ‘Threat Events and Vulnerabilities’ that can be used when assessing MUSA, SUSA, LAN, WAN, or any other type of DoD environment.