NIST SP 300 Risk Assessment Methodology



    !%##$$$$$%

    #!!%

    %#&%

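    According to [source name illegible], risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization [citation: Methodware, year illegible]. However, risk management is not limited to information security and should be applied over all areas of the organization.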

    %0.47041,3782,3,02039574.0/:700890,.9:,,88088203941780490788

    .,8810/ 0;,:,90/,3/,880880/%0,2 4131472,94380.:79 78,880882039 8 94:80 ,

    ;,7094190.36:0894/0391,147284131472,94380.:7978894,347,3,9438,8809

    ,3//090723090044/4190784..:77325,.941907843-:83088.4393:9,3/

    574;/37829,943897,9008$%/0130878,880882039,8%0574.08841/03913

    90788948890280.:79,3//090723390574-,-9414..:7703.090708:9325,.9

    ,3/ ,//943, 8,10:,7/8 9,9 4:/29,90 98 25,.9$9430-:730709,(%070 ,70

    /110703995084178,880882039-:990,70088039,.,90470/:3/07942,47,5574,.08

    .,706:,399,9;0,3/6:,9,9;078,880882039

    "&%%%'$$

    ":,399,9;0,3,888,3,5574,.9,9700843850.1.1472:,8,3/.,.:,943894/0907230

    90;,:0419078/0.843;,7,-08,3/4(98,3,5574,.9,9.,3-0:80/03

    24309,7 ;,:0 .,3 -0 2,550/ 94 , 850.1. 78 ,3/ 708:98 /07;0/ ,70 49903 3 3:207.,

    ;,:08,3/507.039,08


    %0,/;,39,0841":,399,9;078,8808820393.:/0

    9 8 0,807 94 .,.:,90 709:73 43 3;0892039 83.0 , ,3,88 ,70 50714720/ :8324309,7;,:08

    #08:98.,3-0:80/948:55479-:/09/0.8438147:5.4235740.98,3/4( #08:98419078,8808820398,70343-,80/,3/4-0.9;0 8808820392,/0:83 90 6:,399,9;0 2094/44,70 2470 70,-0 83.0 90 ,70

    -,80/433:207.,;,:08,99,.0/94850.1.3:2-078574-,-908,3/25,.98

    9.,3-0:80/1475740.90;0,3,88-574;/3574-,-89.0892,90841920,3/.489

    8,/;,39,0841":,399,9;078,8808820393.:/0901443

    98920.438:23,3/05038;0574.088,89706:70890:8041850.,0/9448 #08:9849903,70 33:207.,;,:08,3/2,-0/11.:914734390.3.,50450 94

    39075709#8-(

    ":,399,9;078,880882039574;/0,1,808038041,..:7,.-0.,:80907054798-,80/433:207.,;,:0,3/9884209208/11.:994574;/0,3,..:7,90/,9,8:.9,9/,9,

    574;/0/,70574-,-90/:.,90/:08847,3/4(

    "&%%'#$$$$$%

    ":,9,9;0 78 ,880882039 8 , 8:-0.9;0 78 ,880882039 2094/44 9,9 /0503/8 43 90

    /8.7094341 90 78 ,88088203990,2,894,9 .425780841 , 78 9490 47,3,943%8

    2094/44,88:2089,990708,0;041:3.079,39390044/41,784..:773,3/

    90 25,.94190 78(,./03910/ 788,8830/, ;,:041420/:247

    94 3/.,90 90 25,.941 90 78439047,3,943 4.,(9 8247041903 90

    6:.07 .489 0110.9;0 ,3/ 0,807 9405,3 9434390.3., 2,3,02039 90,2 90.36:041

    0;,:,93 78 489 ,..0590/ 2094/4408 41 , 6:,9,9;0 ,880882039 ,;0 8420 -,8.

    .43.05988:.,8,88098970,9825,.98,3/;:307,-908

    88098 ,70 ;,:,-0 9028 9,9 706:70 57490.943 8:. ,8 889028 317,897:.9:70 -:/38

    31472,943 09. %70,98 ,70 0;039 9 ,3 :3/0870/ 25,.9 43 90 47,3,9438 ,88098


    3:-4 09 , ( 3 25,.9 8 90 574850.9;0 4:9.420 41 , 970,9 02073 ,3/

    389,93/,2,0944:7,88098':307,-908,700,308847-70,.3, 889029,9

    ,4,970,9940549,3,8809

    %0,/;,39,0841":,9,9;078,8808820393.:/0901443

    O 98.0,507,3/0,8079450714729,3,6:,399,9;078,880882039O ":,9,9;0,3,8880,89497,38,9039434390.3.,90728,3/-:8308825.,943

    41788147902,3,0203990,2

    O 9834930.088,794349013,3.,;,:041,9047,3,9438,88098

    8,/;,39,0841":,399,9;078,8808820393.:/0901443

    O 3/38 1742 98 95041,5574,.,708:-0.9;084907;,/9,3/70,-92,.4203946:08943

    O #08:98 ,70 8:-0.9;0 03.0 2, -0 31:03.0/ - 90 ,880882039 90,2 0850.,39073,,88088203990,28

    O 43947341788,190725020390/.439748,70/11.:9-0.,:8078,70.,90470/307,7..,47/07,8455480/943:207.,;,:083,6:,399,9;0,880882039

    O 11.:994:89190.4894125020393.43974830.088,7,19079078,88088203983.09070834 13,3.,;,:0,99,.0/ 9490,3,88,3/34-,88147, .489-03019

    ,3,8878-(

    39047/ 94/,9070,702,36:,9,9;078,8808820392094/4408,;,,-08:.,8

    %'507,943, 79., %70,9 8809 ,3/ ':307,-9 ;,:,943 $% #8

    2,3,02039$$$0744/550/:83088$0.:797.90.9:70%#83,88

    ,3/,3,02039094/$%#$#82,3,0203909.


    $9,3/,7/#8880882039!74.0884094/,70(

    $%$!#8880882039094/44390 ,89/0.,/0 /1107039,8808820392094/4408,;0-003/0;0450/ 390 31472,943

    80.:79 3/:897 147 90 .,881.,943 /0391.,943 ,3/ 25,.9 ,3,88 41 78 3 ,3

    47,3,943 $31.,39 78 ,880882039 2094/4408 3.:/0 $% $!,943,

    3899:90 41 $9,3/,7/8 ,3/ 90.344 $$ $0744/ 550/ :83088 $0.:79

    7.90.9:70 #% #8 3,88 ,3/ ,3,02039 094/ %'

    507,943, 79., %70,9 8809 ,3/ ':307,-9 ;,:,943 09. $% $! 8 ,

    .42570038;0,3/570.8078,8808820392094/9,980,..0590/-31472,94380.:79

    574108843,8,8,.489.438.4:8,3/011.039,415071472378,880882039%880.943

    4198/88079,94357080398,338939490$%78,880882039,5574,.,8/0130/-90

    $!/4.:2039799033


    -@n

    $% /01308308905 ,5574,. 147 .43/:.93, 1472, 78 ,880882039%8 8:-80.943

    .439,389033089058/08.7-0/-$%9/09,0/05,3,9434190050.943410,.8905

    $8902.,7,.907,943 %70,9/0391.,943 ':307,-9/0391.,943 439743,88 044//090723,943 25,.9,3,88 #8/090723,943 4397470.42203/,9438 #08:98/4.:2039,943

    $8902,7,.907,943

    %8 8 90 1789 89,041 90 78 ,880882039,3/ 9 3;4;08 90 :83 31472,943 ,9073

    90.36:08 147 90 .4,943 41 88902 70,90/ 31472,9438 8:. ,8 ,7/,70 ,3/ 8419,70

    31472,943 ,7.90.9:70 31472,943 :8078 ,3/ 89,11 41 90 % 88902 47 ,55.,943

    .,881.,94341/,9,80389;90;0888902,7.90.9:70-:83088,3/1:3.943,706:7020398

    41 90 % 88902 ,9, ,9073 41 88902 31472,943 2, 3;4;0 70;0 41 88902 47

    ,55.,943 /4.:2039,9431 ,;,,-0 3907;08 9 % 89,11 ,3/ :8078 41 90 889028

    ,:942,90//,9,.40.9439448

    Threat identification

    This stage involves identifying the sources of threat and pairing them with the motivation of the threat, in an attempt to understand the cause of the threat and implement mitigation techniques. A threat source is defined as any circumstance or event with the potential to cause harm to an IT system (Stoneburner et al.). Threat sources alone do not present risks to a system, but a combination of threat source, threat motivation and threat action constitute to a risk to the system.

    ;07/, 970,9 84:7.08 3.:/0 3,9:7, 970,9 84:7.08 0970200,907 .43/9438 :2,3

    970,9 84:7.08 ,.078 ,3/ /88,9810/ 0254008 ,3/ 03;7432039, 970,9 84:7.08 %70,9

    249;,9438,70249;,9438 3.:/0/88,9810/0254008249;,90/-7,0;030,3.0 ,3/

    57419-:83088.4250994797394,3.425099;0,/;,39,0,.078.-0789,07809.


    Vulnerability identification

    This stage attempts to list all technical and non-technical vulnerabilities in the systems or application architecture in order to mitigate the threat source that can exploit the vulnerabilities. Identification of vulnerabilities can be done through penetration testing, automated vulnerability scanning tools, etc.

    439743,88

    %0 ,2 41 98 89,0 41 90 78 ,880882039 ,5574,. ,28 94 ,88088 90011.03. 41 90 ,

    .439748 9,9,70 5708039 3, %88902 9.4:/ ,84 0,230 90.439748 9,9,705,330/147

    2502039,943%8 8/430 3,3,990259 942320 90 7841, 970,9-032,907,0/

    ,3/94038:709,9;:307,-908,7034905490/-970,98%0708:984190.43974,3,88

    ,48,347,3,943,.6:70,044/7,93044/7,938907,9447507.039,0

    9,9;:307,-9-0.42574280/-,970,9439742094/8,70.,90470/,8570;039;0

    ,3//090.9;0.439748!70;039;0.439748,294.4:3907,.990054941;:307,-908-349

    ,43 90 94 4..:7 %0 3.:/0 ,..088 .43974 20.,382 ,39;7:8 ,3/ 170,

    57490.9438 090.9;0 .439748 /0391 90 ,.9438 9,9 ;4,90 90 80.:79 54. 41 90

    47,3,9438%0803.:/08,:/98397:843/090.94388902809.

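    Likelihood determination

    This is the fifth stage of risk assessment approach and its aim is to determine the likelihood of a threat source exploiting a vulnerability present in the system. The likelihood rating is determined by analyzing the threat source, threat motivation, type of vulnerability and the effectiveness of current implemented controls. The likelihood ratings can be ranked as [High], Medium or Low. The table below provides a description of the likelihood ratings.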

    Likelihood level | Likelihood definition

    [High]: The threat source is [highly] motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective.


    Medium: The threat source is motivated and capable, but controls are in place that may impede successful exercise of the vulnerability.

    Low: The threat source lacks motivation or capability, or controls are in place to prevent, or at least significantly impede, the vulnerability from being exercised.

    Table: Likelihood definitions (Stoneburner et al.)

    25,.93,88

    %8 89,0 3;4;08 ,3,3 ,/;0780 25,.9 9,9 ,7808 1742 , 8:..0881: 0549,943 41

    ;:307,-9 - , 970,9 84:7.0 ,2,08 .4:/ -0 .,.:,90/ 3 24309,7 90728 488 41

    .431/039,9,3/390794131472,943807;07/439204748841,;,,-9417084:7.08

    488 41 .425,38 705:9,943 488 41 .425099;0 ,/;,39,0 09. %0 9,-0 -04 848 90

    25,.97,938

    ,39:/0 41

    25,.9

    25,.9/013943

    07.804190;:307,-9

    ,708:9 3 90 .489 488 412,47 9,3-0,88098477084:7.08

    , 831.,39 ;4,90 ,72 47 250/0 ,3 47,3,943828843705:9,94347390708947

    ,708:93:2,3/0,9478074:83:70/:2 07.804190;:307,-9

    ,708:9390.489488419,3-0,88098477084:7.08 , ;4,90 ,72 47 250/0 ,3 47,3,9438 28843

    705:9,943473907089

    ,708:93:2,33:74 07.804190;:307,-9


    2,708:93904884184209,3-0,88098477084:7.0847 2, 349.0,-,110.9 ,3 47,3,943828843 705:9,943 47

    3907089

    %,-0,39:/04125,.90139438$9430-:730709,(

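    Risk determination

    The aim of this stage is to determine the possible level of risks for each threat/vulnerability pair by considering the likelihood of the threat exploiting a vulnerability and the impact of the risk being exploited on the system. It also estimates if the implemented controls are sufficient in mitigating the risks present in a system.

    The risk levels are categorized as [High], Medium or Low. The table describes the three levels of risks.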

    Risk level | Risk description and necessary actions

    [High]: If an observation or finding is evaluated as a [high] risk, there is a strong need for corrective measures. An existing system may continue to operate, but a corrective action plan must be put in place as soon as possible.

    Medium: If an observation is rated as medium risk, corrective actions are needed and a plan must be developed to incorporate these actions within a reasonable period of time.

    Low: If an observation is described as low risk, the system's [illegible] must determine whether corrective actions are still required or decide to accept the risk.

    Table: Risk Scale and Necessary Actions (Stoneburner et al.)


    #80;0,97

    %0,.9:,0;041,788/0907230/-,3,390970,9044/7,93,3/970,925,.9

    7,93:83,2,97%09,-0-04848,2,9794.,.:,90904;07,787,93-,80/43

    90 970,9 044/,3/ 970,9 25,.9;,:08570;4:8,8830/ 30,707 89,084190$%

    78,8808820392094/

    25,.9

    044/

    0/:2 4

    0/:2

    0/:2 0/:2 4

    4 0/:2 4 4

    43974#0.42203/,9438

    $% 78 ,880882039 574.088 41107 .439748 9,9 ,8889 3 90 29,943 41 788 /03910/ 3

    0,70789058419078,880882039574.088%0,241.4397470.42203/,94389470/:.090

    7885480/9490%8890294,0;0,..059,-0-2,3,020394397470.42203/,943,70

    90708:941 900397078,880882039574.088,3/574;/0 35:994907829,943574.088

    $% 70.42203/8 9,9 9080 .439748 ,70 .4803 -,80/ 43 90 1,.9478 -04$9430-:7307 09

    ,(

    $8902.425,9-9 7,3,943,54. 08,9438,3/70:,9438 $,109,3/.4388903. 110.9;030884170.42203/0/.439748 507,943,25,.9


    3 47,3,943 300/8 94 5071472 , .489 -03019 ,3,88 43 0907 94 2502039 90

    70.42203/0/ .43974 ,8 90 47,3,943 29 349 ,3 ,8 2:. ;,:0 94 90 25020390/

    .43974,890.48990,;08503932502039390.43974

    #08:984.:2039,943

    %8 8 90 13, 89,041 90 78 ,880882039574.088 9 3;4;08 90 /4.:2039,943 41, 90

    /0;07,-08,3/708:941 9078,880882039%07054790307,90/,99889,0 857080390/94

    90803472,3,0203990,2419047,3,943,88:.984:/-03,1472,99,98.0,7,3/

    .43.80,3/0,814734390.3.,%89,1194.4257003/

    #8 880882039 #05479 472,9

    $%$!70.42203/89,9,78,880882039705479.439,390144331472,943

    80.9438$9430-:730709,(

    3974/:.9439.439,38905:75480,3/908.450419078,880882039984://08.7-0

    9088902.4254303980020398:807810/8904.,94381,3,3/,34907/09,8,-4:9

    908890294-0.438/070/390,880882039

    #88808820395574,.%83;4;08-701/08.7-390,5574,.:80/94.43/:.9

    9078,8808820398:.,8

    %05,79.5,398078,88088203990,2202-078 %090.36:0:80/94,90731472,943090:804194486:089433,708 %0/0;0452039,3//08.7594341788.,00,47780;0

    2,97

    $8902 ,7,.907,943 98 8 , 8905 94 .,7,.9070 90 88902 3.:/3 ,7/,70

    807;0774:90789.8419,700,55.,9434507,938890257494.48890239071,.08

    0.422:3.,9433/,9,,3/:8078!74;/0.4330.9;9/,7,24788902 35:9 ,3/

    4:95:914.,7994/030,90908.450419878,880882039011479


    ' %70,9 $9,902039 9 3;4;08 4253 ,3/ 893 90 549039, 970,984:7.08 ,3/

    ,884.,90/970,9,.9438,55.,-0949088902,880880/

    '#8 880882039 #08:98 9 3;4;08 893 90 4-807;,9438 ;:307,-9970,9 5,78

    ,.4-807;,9432:893.:/0

    -807;,943 3:2-07 ,3/ -701 /08.75943 41 4-807;,943 0 -807;,943 &807889025,8847/8.,3-0:0880/47.7,.0/

    /8.:88434190970,984:7.0,3/;:307,-95,7 /0391.,94341089329,9380.:79.439748 044//8.:8843,3/0;,:,94300/:247 4044/ 25,.9,3,88/8.:8843,3/0;,:,94300/:247 425,.9 #87,93-,80/4390780;02,9700/:247 4780;0 #0.42203/0/.43974847,9073,9;045943814770/:.39078

    '$:22,7 %49, 903:2-07414-807;,9438$:22,70904-807;,9438 90,884.,90/

    78 0;08 90 70.42203/,9438 ,3/ ,3 .4220398 3 , 9,-0 1472,9 94 1,.9,90 90

    2502039,9434170.42203/0/.439748/:73907829,943574.088

    !%$%$!!#%$#$

    8/8.:880/0,7079097/89,04190$%#8,8808820392094/44890;:307,-9

    /0391.,94394:$%850.1080.43/:.9,/0391.,94341;:307,-908974:90

    :80 41 ,:942,90/ 8.,333 9448 503097,943 90893 ,3/ 80.:79 9089 ,3/ 0;,:,943 .7907,

    .0.89 9 40;07 /408 349 850.1 3 /09,8 . 80.:79 .0.89 94:80,9 95041

    8.,333 9448 94 :80 90 3,9:70 41 503097,943 90893 94 -0 .43/:.90/ 8:. ,8 ,3 39073,

    503097,943 90893 47 ,3 09073, -,. -4 503097,943 90893 %080 ,70 .43.0738 9,9 ,70

    /8.4;070/-,80.:7990,289.43/:.93,78,88088203988902:83$%9.,30,/94,2-:4:8 78,8808820394:9.420850714720/43 90 8,20 %88902 1/1107039.0.89

    ,3/9089,7050714720/347/0794.,.:,9090789830.088,714790908990,294/0907230

    . 90893 .0.89 47 5,7,209078 ,70 94 .438/070/ ,3/ 98 /0.843 8 -,80/ 43 90 %

    88902:3/070;,:,943,3/90340/0,3/90.3.,3444190,88088203990,2


    %49803/90,:9478.43/:.939078,8808820394190!317,897:.9:70,3/,55.,943

    -,80/43970090898

    3 09073, 503097,943 90893 . 4:/ -0 .43/:.90/ 94 8905 4:930 3 90 &9.,,.380708;94:/3;4;090:8041,:942,9.9448

    147890588:.,8$130757393309472,553;:307,-9/0391.,94309.98

    2094/44 8 :80/-0.,:80 9 8 , /0 ,..0590/ 9089 147 .,7734:9 503097,943

    90893

    5030- 55.,943 $0.:79!740.9 $!%45 %0898 , .0.89 41.42243 80.:79 ;:307,-908 14:3/ 3 0- ,55.,943 %8 2094/44 8 :80/

    -0.,:804190570803.0410-,55.,943 0!:8942072,3,078974& 3

    90!,55.,943

    !#06:7020398,80941706:70203957080390/-!80.:79$9,3/,7/84:3.,889,3/,70/706:702039894-0,.0;0/-905,20393/:897%88:80/-0.,:8090

    ! ,55.,943 8 , 5,2039 88902 ,8 9 3;4;08 90 97,38107 41 .,8 -09003 430

    8:-8.7-0794,349078:-8.7-0747207.,39147905,203941-809.

    %#$$$$$%#!#%&%!

    %#&%

    !:75480

    %0 5:75480 41 98 78 ,880882039 8 94 0;,:,90 90 ,/06:,. 41 90 ! 55.,943 ,3/

    317,897:.9:7080.:79%878,880882039574;/08,897:.9:70/6:,9,9;0,8808820394190

    4507,943, 03;7432039 9,//708808 80389;9 970,98 ;:307,-908 788 ,3/ 8,10:,7/8

    %0 ,880882039 70.42203/8 .4890110.9;0 8,10:,7/8 94 29,90 970,98 ,3/ ,884.,90/

    0549,-0;:307,-908

    6:,9,9;0,5574,.4178,880882039-002540/39878,8808820399403,-090

    :80 41 78 8.,0 .439,33 ;,:08 4 20/:2 ,3/ 94 ,88088 700;,39 788 %8


    ,5574,. 4:/ 09 :8 /0391 ,3/ .,90470 -:83088 .79., 78 7,907 9,3 , 3:207.,

    0;,:,9434190.425430398.2,34930.088,7-0,110.9-:83088.4393:9

    $.450

    %0 8.450 41 98 78 ,880882039 ,880880/ 90 889028 :80 41 7084:7.08 ,3/ .439748

    25020390/ 47 5,330/ 94 023,90 ,3/47 2,3,0 ;:307,-908 0549,-0 - 970,98

    39073,,3/09073,94105490/9080;:307,-908.4:/708:93

    W &3,:9470//8.48:7041/,9,

    W &3,:9470/24/1.,94394908890298/,9,47-49

    W 03,41807;.0,..08894/,9,47-4994,:9470/:8078

    %8 #8 880882039 #05479 0;,:,908 90 .431/039,9 57490.943 1742 :3,:9470/

    /8.48:704188902,3//,9,31472,943 39079 57490.9431742257450724/1.,94341

    31472,943 ,3/ ,;,,-9 488 41 88902 ,..088 41 90 88902 #0.42203/0/ 80.:79

    8,10:,7/8,42,3,02039942,0/0.8438,-4:980.:7970,90/39,9;08

    #8 880882039 5574,.

    ,3 % 8 39070890/ 3:3/0789,3/3 90 445408 390,3!,7.90.9:70 ,3/ 39073,

    574.08808%878,88088203997089484,90;:307,-9,3/038:7090708,-:83088

    .4393:95,3,3//8,890770.4;07574.0/:708147,5488-0,7/,70,3/8419,701,:709

    4:/,84038:709,990.36:08,7035,.094570;03917,:/9390!88902

    %0 /,9, .40.943 5,80 3.:/0/ /03913 ,3/ 3907;03 0 50784330 93 90

    47,3,943 ,3/ .43/:.93 /4.:2039 70;08 3907;08 14.:80/ 43 90 4507,93

    03;74320394.:203970;08574;/0/9078,88088203990,2990-,8843.94

    0;,:,90.425,3.0954.,3/574.0/:70

    %4 ,/ 3 90 /0391.,943 41 90.3., 78 3 90 88902 90 ,:947 3903/ 94 5071472

    89,3/,7/ 9089.,70%0 708:9841 90 ,880882039 -057080390/ 942,3,0203941 90

    %/05,792039970.42203/,94341.439748


    9073, !03097,943 %0893

    !03097,943 90893 8 , 2094/44 :80/ - 80.:79 ,/23897,9478 94 /8.4;07 80.:79

    ;:307,-908 390730947888902,3/,55.,943 9,9 .4:/ 09,3,99,.07503097,90 90

    30947 47 .425:907 889028 $4:/8 3 09073, 4:98/0 90 .425,308 30947

    !03097,943 90893 ,8 :80/ 94 /0391 78 3 90 ! 317,897:.9:70 1443 .4:3.

    ;:/0308%0144389890890589,9070.,770/4:94390!317,897:.9:70

    503097,94390893

    31472,943 ,9073 98 ,8 /430 :83 3907309 44 :5 9448 8:. ,8 483844:5,3/97,.074:90

    !479 $.,333 %8 8 90 :80 41 5479 8.,333 9448 94 /0391 4503 54798 3 908.,330/!,//70884990317429031472,943,907389,0%054798.,3338,84

    :801: 3 /03913 . 807;.08 ,3/4507,93 88902,70 7:33343 90 -,.03/

    807;07%0944:80/070,82,5,3/!

    ':307,-98.,333 98 8:80/ 94/090.9 90 570803.0 41,3 ,.9:,;:307,-95708039 3 90 88902 :80/ 088:8 944 ,3/ ,3:,7/ 944 94 8.,3 147 90

    ;:307,-908570803939088902

    #05479 98 8 90 574.088 41 ,3,3 90 13/38 1742 , 570;4:8 89,08 41 90503097,94390893

    %0 708:9 41 90 503097,943 90893 50714720/ 43 90 ! 317,897:.9:70 .,3 -0 14:3/ 3

    5503/9073,,99,.,3/503097,943908937054794198/88079,943

    503 0- 55.,943 $0.:79 !740.9 $! %45 %0898

    %05030-55.,943$0.:79 !740.9 $! 8 ,3450384:7.0,55.,94380.:79

    5740.9%0$!%45%03411078,:801:/4.:20390/.0.8941.422430-,55.,943

    ;:307,-908 :80/ 3 :3/0789,3/3 0- ,55.,943 80.:79 8 ,3 4503 84:7.0 80.:79


    5740.990$!:808,.438038:8,24380.:79574108843,94/0907230902489.79.,

    0-,55.,9431,8$!(

    8/8.:880/3.,5907!,55.,943,80-,55.,943&8090!.:894207

    2,3,07,55.,943!!207.,39&,3/!/897-:943,55.,943$!%45903

    9089 8:80/,8, 89,3/,7/ 9089 94 9089 90800- ,55.,9438 1742 ,3 39073, 507850.9;0 %0

    708:9841989089.,3-014:3/3,5503/4198/88079,943

    ! #06:7020398

    !80.:79$9,3/,7/84:3.82884389403,3.05,2039,..4:39/,9,80.:79-/7;3

    0/:.,943,3/,,7030884190!$0.:79$9,3/,7/898,80941706:7020399,98:80/94

    038:70 80.:79 89,3/,7/8 41 ,3 5,2039 .425,3 8 , -089 57,.9.0 :/030 9 8

    70.42203/0/9,990!,55.,9438.0.0/,,389!706:70203981471,8

    5503/4198/88079,943/039108901,84190!,55.,943390!706:702039

    $8902 ,7,.907,943

    048,1:8941902,30020398418!317,897:.9:70

    ,7/,70

    $07;078 3 # ,;,,-9 431:7,943 .4330.90/ 94 $ 807;07 3

    $9,3/,430.4330.90/94$4794.,/8855.,943$07;07850724/:0,3/8.,,-0

    0-039807;078397,3097488-47/07.4330.9;9

    $419,70

    3/48$07;07,3/3/48507,93$89027,.0/,9,-,80!,55.,943

    8419,70%$!!#0.0;07$%7,20477,.0-90397,.0

    ,9,..0884254303984-0,855.,943,3,07%$!!,90,,3/

    $$ #0, .9;0 $809 41 45920/ .9;0 .42543039 03,-3 6:. .70,943 41

    ,55.,9432502039390.422:3.,9439828.97:%!!


    $890239071,.080.422:3.,9433

    ,9,

    O 425,3/,9,-,80982,39,38,97,38,.943.,770/4:9-!.:894207O 425,354. 9080,70 /4.:20398 9,9 ,88079, 90 .425,3 7:08 ,3/ ,8 ,85079,339470:,947.425,3.0

    O 3,3.,/,9,983.:/08,90.425,3813,3.088:.,8,..4:398,3/5,203982,/0-.:8942078

    &8078

    !8,3,55.,943450394,8:-8.7-07841903094793.:/08,55.,9438:55479

    90,2.038:708,;,,-94190,55.,943908089,11,;0,/23897,9;079843

    90 ,55.,943 ,8 0 ,8 90 /,9,-,80 ,9,-,80 90,2 #0;03:0 ,88:7,3.0 90,2 ,39 17,:/

    570;03943!;03/477/308:55479,3/-:83088430784190,55.,943

    %70,9 $9,902039

    889028,;0970,98,3/;:307,-908,3/!,55.,9438349,30.0594394983472

    970,984:7.08/0130/,8,89:,943470;0399,9,890549039,94.,:80,729488902;07970,984:7.0,8,9,70947,34-0.9;094,.0;0,3/90144384:/-05:9:3/07

    .438/07,94303,3,380.:797841,2.42207.0,55.,943

    3 09073, ,99,.07 ,33 1: 47 5,79, .43974 41 90 ,55.,943 ,3/ 88902317,897:.9:7094:9-03/090.90/-,..088.4397420.,382

    31472,943 0,,0 47 /8.48:70 41 97,38,.9438 .,770/ 4:9 43 90 2.42207.0,55.,943!

    48841807;.0,;,,-94190,55.,943$04 8 , 89 41 549039, 970,984:7.08 ,3/ 5488-0 970,9 ,.9438 90 .4:/ .,77 4:9 1

    ;:307,-9089839088902,7.90.9:70

    ,9:7,970,98


    %70,984:7.0 %70,9.943

    ,32,/0/8,89078:.,8170 70 .,3 /08974 , 317,897:.9:70 06:52039

    8:. ,8,7/,70$$1-07459..4330.943

    09.

    ,9:7, /8,8907 43 317,897:.9:708 0 144/8

    9473,/48..430

    ,907 .,3 .,:80 00.97., 84.8 3 74428

    990.3.,,7/,70

    :2,3970,98

    %70,984:7.0 %70,9.943

    ,.078,3/17,:/89078 35:941743/,9,48841/,9,39079

    35:94117,:/:039/,9,1478544135:754808

    70,.4157;,.-,.2,901941507843,

    13,3.,/,9,47,55,7,9:8

    254008 ,2,0 41 90.3., 06:52039 /:0 94 -,/

    6:,9 :38,10 574.0/:708 ,3/ 57,.9.08

    /0-07,90 ,99,. 43 90 88902 94 ,110.9

    ,;,,-9 41 90 ! ,55.,94324/1.,943 41 .422,3/8 94 /017,:/ 90

    889021479074357;,90,3

    ,.4:8.4/0 ;7:8 3807943 ,99,. 394 90 89 203:

    2,,70,99,.39490,55.,943

    #8880882039#08:98

    %8 78 ,880882039 8.,770/ -,80/4390 708:9841 ,309073,503097,94390893 708:98

    4.,90/ 390 ,5503/ 5030-55.,943 $0.:79!740.9$! 945 90898 147

    0-1,.3,55.,9438,3/1,8-!706:70203985503/%8,8/430-.79.,

    ,3,30,.89,04190!574.08894/0391788.03,7489,92,,110.990,;,,-9

    4190!,55.,943,80,8.431/039,9,3/390794197,38,.943/,9,.,770/4:943

    9055.,943450-9013/3857080390/398,88088203990,3,3,0203990,2


    4:/-0 ,-0 942502039, 2470 90 70.42203/0/ .439743 90 ,2 41, 247080.:702

    .42207.0,55.,943%8 80.943,9902598 9444,9789,9,;0-0037,30/,847

    0/:2390787,3347,30/78831472,943,3/70.42203/,943.,3-04.,90/3

    90,5503/4198705479

    -807;,94331472,9430,,01,9,-,80,.078

    %70,984:7.0,3/;:307,-95,7%084:7.04198970,982,.4:8.7,.07892,

    4..:7 /:0 , 5488-9 41 , 170, -70,. - ,3 ,99,.07 4 .,3 ,3 ,..088 94 90 !

    /,9,-,8094,90797,38,.9438%0;:307,-957080393988.03,748/:094,30,,..088

    .4397431472,943,3/5:-8380389;0/4.:203943,0-1,.3807;07#010794$!

    9089708:935503/94

    044/7,93 %0 044/4198 970,94..:7738 98 8-0.,:8090970,9

    84:7.0,8249;,943243047-,.2,94-70,39490889022,35:,9047/0090/,9,

    470;03/8.480507843,/,9,-043394:8078-490254008,3/.:8942078

    25,.97,93 9025,.97,938-0.,:8084:/90784..:7 9003970 3907941

    90/,9,-,808489.431/039,941.:8942078/,9,.,3-0489,3/48841.431/03.03,3

    7,3/8489-90.438:2078

    #8 7,93 %0 4;07, 78 7,93 8 -,80/ 43 2,9.3 90 044/ ,3/ 25,.9

    3/.,9478174290780;02,97

    #0.42203/0/.439748;4/5:99380389;031472,943430-1,.3807;0782502039

    574507 07747 ,3/3 5,08 94 570;039 31472,943 0,,08 ,-4:9 90 -,.03/ 807;07

    .431:7,943147$,3/309472,553-,99,.0783,-/94,:3.2470/,3074:8,99,.8

    -807;,9437403..08843974

    %70,984:7.0 ;:307,-9 5,7 4-807;0/ 9,9 90 ,55.,943 8:55479 /,9,-,80 ,3/

    3/48 90,2 ,3/ .:894207 807;.0 ,0398 8,70 :807 ,..4:398 0 430 :807 ,..4:39 8 :80/

    ,2432,3202-074189,112,39 /11.:9 94,;0574507 ,:/9 48 410,. 0254008

    ,.9;908439088902,844-807;0/9,970897.943843,9,:9039.,90/:8078,70,40/

    94/4,7034957450703147.0/99,.078.,3054990801,894,..0884907:8078,..4:398


    ;0 80389;0 108 47 :80 :3,:9470/ 1:3.9438 #0107 94 ,5503/ 41 1,8 41 !

    706:702039

    044/ 7,93 %0 044/4198 970,9 8%8 8-0.,:80 90 90,28,7089

    :839895041,..0889490807;078,3/,55.,9438

    25,.97,93%025,.97,938%88-0.,:809080289,082,/0-0254008

    .,3,110.9,:/935:754808,3/,110.9,..4:39,-94150784330

    #8 7,93 %0 4;07, 78 7,93 8 -,80/ 43 2,9.3 90 044/ ,3/ 25,.9

    3/.,9478174290780;02,97

    4397470.42203/,9438,9073,9;04594383147.090:80413/;/:,,..4:39940,.

    202-074189,119,9,;0,..0889490,55.,943,3/807;07841!3,-0,:/948390

    ,55.,943,3/807;078

    -807;,94325400!74-024..4:39,-93%0$8902

    %88507,58430419024898074:8;:307,-95708039390!88902,89,110.9890

    390794190 8890297,38,.943 ,;,,-9 41 90 ,55.,943 4-807;0/9,9 90 88902

    ,/23897,9478 55.,943$:55479 90,2 ,3/'03/47 90,2 41 90 !55.,943 ,;0 90

    ,-9945071472,397,38,.94343!94:9.70,93,3,:/997,33807997,38,.943

    .,3-0 2,/0 43 90 /,9,-,80 9801 9070- -5,883 90 ,:/9 97, 41 90 88902 %0 8,20

    ,/23897,94788454071:0.,3/0090848174290/,9,-,80807;07-0.,:800,890

    ,-9945071472909,8841,,3/0.,3,84/00904843903/48807;07

    %8 ;:307,-9 3 ! 8 5708039 -0.,:80 9070 8 34 574507 03147.0/ 740 -,80/ ,..088

    .43974 84 ,479 41 90 ,.9438 50714720/ - , ! ,55.,943 ,/23897,947 070

    /0830/34994,3,:/997,

    044/7,93%0044/4198970,98%88-0.,:809090,28,70,,70

    9,9907083497,.0,-93908890284907,.9438.,3349-02439470/2,390,80794

    .422917,:/

    25,.97,93%025,.97,938%88-0.,:809003970,..4:39,-94190!

    88902.,3-0.42574280/

    #8 7,93 %0 4;07, 78 7,93 8 -,80/ 43 2,9.3 90 044/ ,3/ 25,.9

    3/.,9478174290780;02,97


    4397470.42203/,9438,9073,9;04594383147.0740-,80/,..088.439743.34

    025400,890,-99450714721:3.9438412:9500254001:3.94388:.,8740

    ,55.,943 ,/23897,943,80 ,83/48 807;07 8:55479#0;03:0,88:7,3.0 90,284:/

    5071472

    -807;,943380.:70422:3.,943

    %8;:307,-90,/894,48841.431/039,9,:9039.,943,3/.4:/0,/94,-70,.41

    ,;,,-94190!,55.,94394..:781479470,8438901789-0397,38,.943880393

    5,3909-09003900-807;07,3/90,55.,943807;07%080.43/89,9985488-0147

    ,309073,.:89420794803/,.0,790982897,38,.9432088,094,8479.4/0$$3:2-07

    9070--5,883,9080.:79411070/-90$%03:,3/,7/,7080.:79807;07$

    %0,-941,8:-8.7-0794803/,2088,03.0,7909.,30,/94,24708074:8,99,.

    044/7,93%0044/4198970,98&%88-0.,:80147.:894207894

    0990.4770.98479.4/09.,343-0/430974::08847,3/02540084:/70,/90

    5,39092088,0-0900390#,3/#%807;07,;0,/23897,94757;0084390

    8890203.0/42470/,2,09490889029,9:8948841.431/039,9

    25,.97,93%025,.97,938&%88-0.,:809003970,..4:39,-94190

    !88902.,3-0.42574280/

    #87,93%04;07,787,938&-,80/432,9.390 044/,3/25,.9

    3/.,9478174290780;02,97

    43974 70.42203/,9438 ,9073,9;0 459438 !70;039 90 &$$ ,90, 1742 70.0;3

    97,38,.9438 1742 8:-8.7-07 0 ,48 8:-8.7-078 94 :80 43 90 $% 203: 94 .,77 4:9

    97,38,.9438 &80 03.7594303 97,382993 97,38,.9438 174290807;07 9490#%

    ,3/%807;07

    $#'%380.:70431:7,943,3,02039

    %8;:307,-94..:78-0.,:809070 84:941-4.431:7,94343!/,9,-,80,3/

    3/48807;0701,:9 5,8847/ 147 0307. :807 /8 ,;0 -003 019 :3.,30/3,99,.07


    48,-0,90731472,943,-4:99095041807;07809:539030947.,3574.00/94,3

    :3,:9470/,..0889490317,897:.9:70#0107945503/

    044/ 7,93 %0 044/41 98 970,9 8&3 ,99,.07 405498 98

    ;:307,-92:89:3/0789,3/90,3,7.90.9:70

    25,.97,93%025,.97,938%88-0.,:8090190;:307,-9805490/

    903

    #87,93%04;07,787,938&-,80/432,9.390 044/,3/25,.9

    3/.,9478174290780;02,97

    Control recommendations/alternative options: Ensure that database and server administrators disable all unused services, disable all default user accounts and remove default configurations.

    -807;,943$30!4391,:70,.1#0/:3/,3.,.:5$07;.08

    %8;:307,-9,110.9890,;,,-9.42543039419031472,94380.:7997,/%0!

    ,7.90.9:70 ,8 349 -:9 147 .425090 70/:3/,3. 41 0,. .42543039 41 90 ,7.90.9:70

    :770399070,7043,72-,.:514724894190.42543039841!8:.,890/,9,-,80

    807;0790,55.,9438807;07907083470/:3/,3.14790$807;07990.:77039809:5

    8.03,74 19070 8, ,7/,70 574-02 43,3 .42543039 390,7.90.9:70 90 03970!

    88902 4:/ -0 ,110.90/ ,72 -,.:5 41 .425430398 9,08 -09003 23:908 94

    23:908947089470!807;.083941:4507,943

    044/7,93 %0 044/41 98 970,9 8&,7/,70 1,:708,705488-0

    ,94:7,70390900.422:3.,94383/:897,8,7/,70,70-:994-01,:99407,39

    25,.97,93%025,.97,9381987884:/4..:790,;,,-94190!

    55.,9434:/-0.42574280

    #87,93%04;07,787,938&-,80/432,9.390 044/,3/25,.9

    3/.,9478174290780;02,97

    4397470.42203/,9438,9073,9;0459438902547,747,74:3/41574;/3,349

    -,.:5 70/:3/,3. 1470,..4254303941 90!,7.90.9:7024705072,3039,3/-089

    57,.9.0 70.42203/,943 4:/ -0 94 .70,90 ,3 411890 49 -,.:5 9,9 4:/ 9,0 088 9,3

    23:9089489.1742$%943.,8041,3574-028


    -807;,943%.4393:92,3,02039

    9 ,8 3490/ 9,9 ,3 /408 349 ,;0 , 1472, /4.:20390/ :83088 4393:9 !,3 47 ,

    8,8907#0.4;07!,3.4;07390,5,55.,943,3/70,90/317,897:.9:704704;079,8

    3490/9,990708,3,-803.041,/8,890770.4;07#890,3/,90.79.,807;078,70480/

    ,990572,78909801

    044/7,93%0044/4198970,98&985488-0147 7/308:5547994

    -0,-094708947090,55.,943-,.19408/43

    25,.9 7,93 %0 25,.9 7,93 81, /8,8907 4..:78 90,;,,-941 90 !

    55.,9434:/-0,110.90/,3/9070147070;03:025,.93949047,3,943

    #87,93%04;07,787,938&-,80/432,9.390 044/,3/25,.9

    3/.,9478174290780;02,97

    4397470.42203/,9438,9073,9;045943870,90,3//4.:2039-:83088.4393:9,3/

    /8,890770.4;075,3898,84,/;80/9497,38:5547989,114390:3/0789,3/34190!

    /4.:20399403,-090270.4;0790,55.,943,88443,85488-00:3/0757088:70

    $:22,7

    04 8 , 8:22,70/ 949, 90 3:2-07 41 , 4-807;,9438 ,43 9 907 ,884.,90/ 78

    0;08 ,3/ .43974 70.42203/,9438 %8 9,-0 84:/ 2,0 9 0,807 94 1,.9,90 90

    2502039,943419080.4397481477829,943

    %70,9 #80;0 43974#0.42203/,9438

    31472,943 0,,0 41

    /,9,-,80-,.078

    31472,9431907343807;07,3/5,007747,3/3

    7403,..088.43974 3147.02039413/;/:,,..4:39147025400

    25400 574-02 4 3147.0 740 -,80/ ,..088 .43974 ,3/ 038:70 , 70;03:0


    ..4:39,-9 3 90

    $8902

    ,88:7,3.090,2945071472,-243917,:/70;0

    380.:70.422:3.,943 & &80 41 03.75943 -09003 90 # ,3/ 55.,943

    807;078,3/570;039&$$174270.0;397,38,.94381742

    8:-8.7-078

    380.:70 .431:7,943

    2,3,02039

    & 38:70574507.431:7,9432,3,0203941,807;078,3/

    ,55.,943-7024;3/01,:9.431:7,9438

    $30!43941,:70 & 70,90 49 -,.:5 41 .425430398 ,8 0 ,8 ,3 411890

    -,.:5

    %4393:92,3,02039 & 70,90,3//4.:2039,-:83088.4393:95,3