© 2018 RSM US LLP. All rights reserved.
NIST 800-30 Risk Assessment
While many organizations perform risk assessments, a risk assessment conducted according to National Institute of Standards and Technology (NIST) Special Publication 800-30, Guide for Conducting Risk Assessments, is often used as the go-to standard. Historically used by governmental agencies, this assessment methodology is being adopted by more commercial entities to build their risk management programs. Organizations looking to fully understand their risk profile, or organizations performing government work, would benefit from such an assessment.
A NIST 800-30 risk assessment is widely used by U.S. governmental agencies, subcontractors and organizations that work for government clients. It can meet requirements set forth by federal agencies, as well as provide direction on where to focus security efforts. A NIST 800-30 risk assessment is also a key component of alignment and compliance with the Federal Information Security Management Act (FISMA), since it supplies the risk assessment step of the NIST Risk Management Framework. Following the NIST 800-30 methodology, which identifies threat sources and events, vulnerabilities, likelihood and impact to arrive at a risk determination, shows an organization’s commitment to sound, industry-recognized security practices.
As part of a NIST 800-30 risk assessment, RSM will provide an independent view of the infrastructure and application security risks faced by your company, along with actionable recommendations on how to mitigate those risks. The results of such an assessment help organizations put programs in place for ongoing risk identification and remediation. They further lay the groundwork for the development of key risk indicators and management risk dashboards, so that organizations can make informed decisions.