# Risk Assessment

This risk assessment reviews threats and vulnerabilities identified in:

* VxSuite hardware, including VxCentralScan, VxAdmin, VxMark, and VxScan, along with any items and peripherals needed to operate that equipment (e.g., USB drives, scanners, printers).
* VxSuite software and source code.
* VotingWorks internal communication and operation support systems.

This assessment was conducted following the framework outlined in NIST Special Publication 800-30, Guide for Conducting Risk Assessments.

For additional information on how physical, technical, and operational controls work together to meet the requirements of **VVSG 14.1-C.1-4,** please refer to , specifically:

* [Access Control](/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/access-control.md)
* [Artifact Authentication](/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/artifact-authentication.md)
* [System Integrity](/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/system-integrity.md)
* [Networking](/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/networking.md)
* [Password and Credential Policies](/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/password-and-credential-policies.md)
* [Defense-in-Depth and Least Privilege](/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/defense-in-depth-and-least-privilege.md)
* [Cryptography](/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/cryptography.md)
* [Procedural and Operational Security](/vxsuite-tdp-v4/system-security-auditing-and-logging/procedural-and-operational-security.md)
* [Trusted Build](/vxsuite-tdp-v4/software-installation/trusted-build.md)

Please also refer to the [VxSuite User Manual - v4](https://docs.voting.works/vxsuite-user-manual-v4/), notably the [Setup Inspection](https://docs.voting.works/vxsuite-user-manual-v4/logic-and-accuracy-pre-election-testing/setup-inspection) documentation.

[Risk Assessment](https://github.com/votingworks/docs-vxsuite-v4/blob/main/risk-assessment/vxsuite-v4-risk-assessment.pdf) \[PDF]

[Risk Assessment](https://github.com/votingworks/docs-vxsuite-v4/blob/main/risk-assessment/vxsuite-v4-risk-assessment.xlsx) \[Excel]

