Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Traditional Security Checklist
PH-02.02.01
PH-02.02.01
An XCCDF Group - A logical subset of the XCCDF Benchmark
Details
Profiles
Prose
PH-02.02.01
1 Rule
<GroupDescription></GroupDescription>
Risk Assessment -Holistic Review (site/environment/information systems)
Medium Severity
<VulnDiscussion>Failure to conduct a risk analysis could result in not implementing an effective countermeasure to a vulnerability or wasting resources on ineffective measures leading to a possible loss of classified, equipment, facilities, or personnel. REFERENCES: DoD 5200.22-M (NISPOM), February 2006, Incorporating Change 2, May 18, 2016 Chap 1, Section 2, para 1-207a.(1) & b.; Chap 8 Sec 1, para 8-100.a., d. & e., 8-101., 8-102., 8-201., 8-202., 8-301., and 8-304.b. NIST Special Publication 800-53 (SP 800-53) Controls: PE-18(1), PL-1, PL-2, PS-1, RA-1 RA-3 DoD 5200.8-R Physical Security Program Definitions: 1.13, 1.14., 1.15., 1.22.; Chap 1, C1.2.3. C1.2.4. and Chap 2, C2.1.3.3. DoD Manual 5200.08 Volume 3, Physical Security Program: Access to DoD Installations, 2 January 2019 DoD Manual 5200.01, Volume 3, 24 February 2012, SUBJECT: DoD Information Security Program: Protection of Classified Information Encl 2, para 10.; Encl 3, para 4.: Appendix to Encl 3, para 2.a. and Encl 7 para 4.c. CJCSI 6510.01F, INFORMATION ASSURANCE (IA) AND SUPPORT TO COMPUTER NETWORK DEFENSE (CND), 9 February 2011 Encl A, para 12; Encl B, para 2.d(3), 2.g., and 3.h.; Encl C, para 3.a., 6.b.(6) and 33. DoD Instruction 8510.01, Risk Management Framework (RMF) for DoD Information Technology (IT), March 13, 2014 DoD Instruction 8500.01, "Cybersecurity," March 13, 2014 Encl 2, paragraph 2.k., 9.q., 15.e. and Encl 3, paragraph 2. (*2.f.) & 9.b.(5) NIST SP 800-30, Guide for Conducting Risk Assessments NIST SP 800-37, Guide for Applying the Risk Management Framework to Federal Information Systems</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>