Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

NISP eMASS DAAPM DCSA Requirements for Risk Assessment Report (Appendix C) - Download Toolkit Today

Arlington Security Portal

Get Access to 100 + NIST RMF security and privacy policies & procedures, programs, and plan templates.

As stated in the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM), DoD & Cleared contractors in industry are required to perform, at a minimum, an annual risk assessment, and one that is specific to an actual ‘system’.

Per the DAAPM, the scope of the risk assessment should focus on the system’s use of resources and controls to mitigate vulnerabilities exploitable by threat agents (internal and external) identified during the Risk Management Framework (RMF) control selection process, based on the system’s categorization.

Additionally, per the DAAPM, “This initial assessment will be a Tier 3 or “information system level” risk assessment. While not entirely comprehensive of all threats and vulnerabilities to the system, this assessment will include any known risks related to the incomplete or inadequate implementation of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 controls selected for this system.”

And while DAAPM provides a clear example of a risk assessment (i.e., Risk Assessment Report – Appendix C of the DAAPM), they do not provide detailed information – and examples – of the threat sources. Developing and documenting such information can be time-consuming. 

Download Risk Assessment Program Today for Cleared Industry

As such, the following Risk Assessment Program for cleared industry offered by the Arlington Security Portal (ASP) lists approximately 110 ‘Threat Events and Vulnerabilities’ that can be used when assessing MUSA, SUSA, LAN, WAN, or any other type of DoD environments.

100 + NIST 800-53 Templates Available for Download for Cleared Industry

The solution for cleared industry is the Arlington Security Portal (ASP), an online repository of world-class, industry leading security and privacy policies & procedures, programs, plans – and other highly essential documents & templates developed specifically on NIST SP 800-53, Revision 5. eMASS services include the following:

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at