NIST SP 800-30 Rev 1
NIST SP 800-30 Revision 1 Guide for Conducting Risk Assessments.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
Communicate-Share
| Code | Title |
|---|---|
| RA-COMM-1 | Communicate Risk Assessment Results |
| RA-COMM-2 | Share Risk Information |
| RA-COMM-3 | Tier-Aware Reporting |
| RA-OUTPUT-1 | Assessment Outputs Drive Risk Response |
Conduct
| Code | Title |
|---|---|
| RA-CONDUCT-1 | Identify Threat Sources |
| RA-CONDUCT-2 | Identify Threat Events |
| RA-CONDUCT-3 | Identify Vulnerabilities and Predisposing Conditions |
| RA-CONDUCT-4 | Determine Likelihood of Occurrence |
| RA-CONDUCT-5 | Determine Magnitude of Impact |
| RA-CONDUCT-6 | Determine Risk |
| RA-CONDUCT-7 | Aggregate Risk Across Assets and Missions |
| RA-CONDUCT-8 | Document Risk Assessment Results |
| RA-MODEL-2 | Adversary Capability, Intent, and Targeting |
| RA-MODEL-3 | Threat Event Catalog |
| RA-MODEL-4 | Vulnerability Severity and Pervasiveness |
| RA-MODEL-5 | Predisposing Conditions |
| RA-MODEL-6 | Likelihood Scales |
| RA-MODEL-7 | Impact Types and Scales |
| RA-MODEL-8 | Risk Level Determination |
| RA-MODEL-9 | Uncertainty Handling |
| RA-QA-1 | Assessment Quality Assurance |
Maintain
| Code | Title |
|---|---|
| RA-MAINT-1 | Monitor Risk Factors |
| RA-MAINT-2 | Update Risk Assessment |
| RA-MAINT-3 | Integrate With Continuous Monitoring |
| RA-MAINT-4 | Trigger-Based Reassessment |
Prepare
| Code | Title |
|---|---|
| RA-GOV-1 | Risk Assessment Methodology Documentation |
| RA-GOV-2 | Three-Tier Risk Management Alignment |
| RA-GOV-3 | Risk Tolerance and Acceptance |
| RA-GOV-4 | Reuse of Prior Assessment Results |
| RA-INPUT-1 | Tier 1 Inputs to Assessment |
| RA-INPUT-2 | Tier 2 and Tier 3 Inputs |
| RA-MODEL-1 | Threat Source Taxonomy |
| RA-PREP-1 | Identify Purpose of Risk Assessment |
| RA-PREP-2 | Identify Scope of Risk Assessment |
| RA-PREP-3 | Identify Assumptions and Constraints |
| RA-PREP-4 | Identify Sources of Information |
| RA-PREP-5 | Identify Risk Model |
| RA-PREP-6 | Identify Analytic Approach |
| RA-PREP-7 | Establish Assessment Team and Roles |
Frequently Asked Questions
What is NIST SP 800-30 Rev 1?
NIST SP 800-30 Rev 1 is a compliance framework from United States with 4 domains and 39 controls. NIST SP 800-30 Revision 1 Guide for Conducting Risk Assessments. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NIST SP 800-30 Rev 1 have?
NIST SP 800-30 Rev 1 has 39 controls organised across 4 domains. The largest domains are Conduct (17 controls), Prepare (14 controls), Communicate-Share (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NIST SP 800-30 Rev 1 map to?
NIST SP 800-30 Rev 1 does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with NIST SP 800-30 Rev 1 compliance?
Start your NIST SP 800-30 Rev 1 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST SP 800-30 Rev 1 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 39 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 769 frameworks.
Get Started Free →Free forever — no credit card required