HIPAA COW
RISK ANALYSIS & RISK MANAGEMENT TOOLKIT NETWORKING GROUP
SUMMARY OF RISK ASSESSMENT STEPS NIST SP 800-30
Disclaimer
This document is Copyright 2012 by the HIPAA Collaborative of Wisconsin (HIPAA COW). It may be
freely redistributed in its entirety provided that this copyright notice is not removed. When information from this
document is used, HIPAA COW shall be referenced as a resource. It may not be sold for profit or used in
commercial documents without the written permission of the copyright holder. This document is provided as is
without any express or implied warranty. This document is for educational purposes only and does not constitute
legal advice. If you require legal advice, you should consult with an attorney. Unless otherwise noted, HIPAA
COW has not addressed all state pre-emption issues related to this document. Therefore, this document may need
to be modified in order to comply with Wisconsin/State law.
The purpose of this document is to provide a high level summary of the nine risk assessment steps
outlined in the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-30,
Risk Management Guide for Information Technology Systems (NIST SP 800-30). A copy of the NIST
SP 800-30 flowchart of the steps is on page 3.
Page 1 of 4.
DRAFT
Version 1/FINAL: 1/12/12
DRAFT
Version 1/FINAL: 1/12/12
Page 3 of 4.
DRAFT
Version 1/FINAL: 1/12/12
Page 4 of 4.