# Risk Assessment This risk assessment reviews threats and vulnerabilities identified in: * VxSuite hardware, including VxCentralScan, VxAdmin, vxMark, and VxScan. Also included are any items and peripherals needed to operate the equipment listed above (e.g., USB drives, scanners, printers). * VxSuite software and source code * VotingWorks internal communication and operation support systems. This assessment was conducted following the framework outlined in NIST Special Publication 800-30 - Guide for Conducting Risk assessments. For additional information on how physical, technical, and operational controls work together to meet the requirements of **VVSG 14.1-C.1-4,** please refer to , specifically: * [access-control](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/access-control "mention") * [artifact-authentication](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/artifact-authentication "mention") * [system-integrity](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/system-integrity "mention") * [networking](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/networking "mention") * [password-and-credential-policies](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/password-and-credential-policies "mention") * [defense-in-depth-and-least-privilege](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/defense-in-depth-and-least-privilege "mention") * [cryptography](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/software-security/cryptography "mention") * [procedural-and-operational-security](https://docs.voting.works/vxsuite-tdp-v4/system-security-auditing-and-logging/procedural-and-operational-security "mention") * [trusted-build](https://docs.voting.works/vxsuite-tdp-v4/software-installation/trusted-build "mention") Please also refer to the [VxSuite User Manual - v4](https://app.gitbook.com/o/-MG9xpTX0GFiCyXHEhNe/s/JtZutzGTdCzsGITrdiph/ "mention"), notably the [Setup Inspection](https://app.gitbook.com/s/JtZutzGTdCzsGITrdiph/logic-and-accuracy-pre-election-testing/setup-inspection "mention") documentation. [Risk Assessment](https://github.com/votingworks/docs-vxsuite-v4/blob/main/risk-assessment/vxsuite-v4-risk-assessment.pdf) \[PDF] [Risk Assessment](https://github.com/votingworks/docs-vxsuite-v4/blob/main/risk-assessment/vxsuite-v4-risk-assessment.xlsx) \[Excel]