Arlington’s Risk Assessment Toolkit is an incredibly comprehensive set of documents that includes all necessary subject matter relating to an organization’s ability to inform decision makers and support risk responses by identifying: (i) relevant threats to organizations or threats directed through organizations against other organizations; (ii) vulnerabilities both internal and external to organizations; (iii) impact (i.e., harm) to organizations that may occur given the potential for threats exploiting vulnerabilities; and (iv) likelihood that harm will occur. The end result is a determination of risk (i.e., typically a function of the degree of harm and likelihood of harm occurring). Furthermore, the documentation is easy-to-use and customize for your organization’s exact needs. 

Additionally, from FISMA to FedRAMP, CMMC, NIST 800-171, eMASS – and more – regulatory compliance is alive and well in the DoD, frameworks that all require a risk assessment to be performed.