Page 1
System Details
System Name
System Owner
System Description
System Categorization (Low, Moderate, High)
Threat Identification
Identify potential threats to the system
Assess the likelihood of each threat occurring
Describe the potential impact of each threat
Vulnerability Assessment
Identify system vulnerabilities
Assess the severity of each vulnerability
Describe the potential impact of each vulnerability
Risk Analysis
Determine the risk level for each threat-vulnerability pair
Describe the overall risk to the system
Risk Treatment
Identify risk mitigation controls
Assess the effectiveness of the controls
Describe the residual risk after controls are implemented