Describe the purpose of the risk assessment. The purpose may
be to determine risk at various system life cycle phases, to include the security
categorization, to tailor
security controls, to assess the risk of non-compliant security controls, to assess
the impact of actual or
proposed changes to the system in operations, etc.
Source: CNSSI-1254 appendix C RAR Data elements #1, NIST SP 800-30