Per NIST, “The purpose of a risk assessment is to inform decision makers and support risk responses by identifying: (i) relevant threats to organizations or threats directed through organizations against other organizations; (ii) vulnerabilities both internal and external to organizations;(iii) impact (i.e., harm) to organizations that may occur given the potential for threats exploiting vulnerabilities; and (iv) likelihood that harm will occur. The end result is a determination of risk (i.e., typically a function of the degree of harm and likelihood of harm occurring).” 

Additionally, from FISMA to FedRAMP, CMMC, NIST 800-171, eMASS – and more – regulatory compliance is alive and well in the DoD, frameworks that all require a risk assessment to be performed.

Current regulatory compliance reporting (i.e., FISMA, FedRAMP, eMASS, etc.), requires DoD contractors to perform a risk assessment at least annually, and more frequently if circumstances warrant such. Arlington has successfully developed and performed a large number of risk assessments for our clients all throughout North America.

With Arlington, we have a wide-range of risk assessment programs that serve as an excellent starting point for developing, then performing the actual risk assessment. Additionally, we have extensive expertise in performing risk assessments using DoD provided templates, such as the Defense Counterintelligence and Security Agency (DCSA) Assessment and Authorization Process Manual (DAAPM) RAR form, and more.

When performing a risk assessment, DoD contractors should consider the following as essential for a well-developed and executed risk assessment program: