CCI-001038

Disseminate an organization-level; mission/business process-level; system-level risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance to organization-defined personnel or roles.

Implementation Guidance

NIST SP 800-30 meets the DoD requirements for risk assessment policy and procedures and is disseminated via the NIST publications site: http://csrc.nist.gov/publications/PubsSPs.html DoD Components are automatically compliant with this CCI because they are covered by the DoDi 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.

Validation Procedures

NIST SP 800-30 meets the DoD requirements for risk assessment policy and procedures. DoD Components are automatically compliant with this CCI because they are covered by the DoDi 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.

Compelling Evidence

Automatically compliant per DoDI 8510.01 which adopts NIST SP 800-30 as the DoD risk assessment policy.

The controls below (if any) were marked by NIST as being related to CCI-001038.