Definition

A systematic process to identify, analyze, and evaluate identity-related risks. Outputs: a risk register with likelihood × impact scoring, recommended mitigations, and residual risk acceptance. Required by ISO 27001 (Annex A.5/A.8), NIST CSF, GDPR Art. 32 (security of processing), DORA, and NIS2.

Application

MidPoint: Risk assessment is a comprehensive process consisting of risk identification, risk analysis, and risk evaluation.

Standards & regulations

  • NIST SP 800-53 Rev. 5 «RA-3 Risk Assessment: a. Conduct a risk assessment, including:»
  • NIST CSF 2.0 «Risk Assessment (ID.RA): The cybersecurity risk to the organization, assets, and individuals is understood by the organization.»
  • NIST SP 800-37 Rev. 2 «The RMF provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization.»

Sources