I N F O R M A T I O N S E C U R I T Y
Computer Security Division
Information Technology Laboratory
National Institute of Standards and Technology
Gaithersburg, MD 20899-8930
September 2012
U.S. Department of Commerce
Rebecca M. Blank, Acting Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Under Secretary for Standards and Technology
and Director Guide for Conducting
Risk Assessments
JOINT TASK FORCE
TRANSFORMATION INITIATIVE
NIST Special Publication 800 -30
Revision 1
Special Publication 800- 30 Guide for Conducting Risk Assessments
________________________________________________________________________________________________
PAGE ii Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology (NIST) promotes the U.S. economy and public welfare by providing technical
leadership for the nation’s measurement and standards infrastructure. ITL develops tests, test
methods, reference data, proof of concept implementations, and technical analyses to advance the
development and productive use of information technology. ITL’s responsibilities include the
development of management, administrative, technical, and physical standards and guidelines for the cost -effective security and privacy of other than national security -related information in
federal information systems. The Special Publication 800- series reports on ITL’s research,
guidelines, and outreach eff orts in information system security, and its collaborative activities
with industry, government, and academic organizations.
Special Publication 800- 30 Guide for Conducting Risk Assessments
________________________________________________________________________________________________
PAGE iii Authority
This publication has been developed by NIST to further its statutory responsibilities under the
Federal Information Security Management Act (FISMA), Public Law (P.L.) 107 -347. NIST is
responsible for developing information security standards and guidelines, including minimum
requirements for federal information systems, but such stan dards and gui delines shall not apply to
national security systems without the express approval of appropriate federal officials exercising polic y authority over such systems. This guideline is consistent with the requirements of the
Office of Management and Budget (OMB ) Circular A -130, Section 8b(3), Securing Agency
Information Systems , as analyzed in Circular A -130, Appendix IV: Analysis of Key Sections .
Supplemental information is provided in Circular A -130, Appendix III , Security of Federal
Automated Information Resources .
Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statu tory
authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federal official.
This publication may be used by nongovernmental organizations on a voluntary basis and is not
subject to copyright in the United States. Attribution would, however, be appreciated by NIST.
NIST Special Publication 800- 30, 95 pages
(September 2012 )
CODEN: NSPUE2
Comments on this publication may be submitted to:
National Institute of Standards and Technology
Attn: Computer Security Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899- 8930
Electronic mail: sec -cert@nist.gov Certain commercial en
NIST.SP.800-30- Guide for Conducting Risk Assessments
安全标准 >
NIST >
文档预览
中文文档
95 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共95页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2023-01-05 17:30:04上传分享