About the certification
NIST SP 800-30 Rev. 1, Guide for Conducting Risk Assessments, describes how an organization can identify, analyze, and evaluate risks to organizational operations, assets, individuals, and other organizations, as part of an enterprise-wide risk management program. The Certified NIST Risk Assessment Professional is a certification intended for professionals seeking to validate their advanced knowledge of NIST SP 800-30 Rev. 1, Guide for Conducting Risk Assessments and its practical application within cybersecurity and enterprise risk management contexts.
The exam covers topics such as the scope and purpose of NIST SP 800-30 Rev. 1, the risk assessment process, risk identification and analysis, threat and vulnerability sources, likelihood and impact determination, risk determination, and the use of risk assessment results to support organizational risk management decisions.
The Certified NIST Risk Assessment Professional certification is an online, closed-book, remotely proctored exam. It consists of 40 questions, and the passing score is 70%. Candidates have 60 minutes to complete the exam.
Validate your expertise in conducting NIST-aligned risk assessments and advance your career in cybersecurity and risk management.
Purchase your exam voucher now!
Exam details
|
Exam code |
ITC-203 |
|
Launch date |
February 17, 2026 |
|
Exam description |
The Certified NIST Risk Assessment Professional certification exam validates the candidate’s advanced knowledge of conducting and applying risk assessments, as described in NIST SP 800-30 Rev. 1, Guide for Conducting Risk Assessments. |
|
Current version |
1.0 |
|
Exam format |
Multiple choice; Computer-based; Closed Book; Online Proctored Exam. |
|
Number of questions |
40 questions |
|
Passing score |
70% (28 out of 40) |
|
Exam duration |
60 minutes |
|
Level |
Advanced |
|
Languages |
English |
|
Exam description |
The exam covers topics such as the scope and purpose of NIST SP 800-30 Rev. 1, the risk assessment process, risk identification and analysis, threat and vulnerability sources, likelihood and impact determination, risk determination, and the use of risk assessment results to support organizational risk management decisions. |
|
RECOMMENDED HOURS OF STUDY |
32 hours |
|
Bloom's Taxonomy |
Level 2 (Understanding), Level 3 (Applying), Level 4 (Analyzing), and Level 5 (Evaluating) |
|
Recommended reading |
• NIST Special Publication 800-30 - Guide for Conducting Risk Assessments |
|
Prerequisites |
There are no prerequisites for this certification |
|
Recommended experience |
Six months of work experience in Cybersecurity and Privacy |
|
Validity period |
Lifetime |
Exam Content Outline
| Domains | Weight |
|---|---|
|
1. as Scope and Purpose of the NIST SP 800-30 |
10% |
|
2. The Fundamentals |
30% |
|
3. The Risk Assessment Process |
60% |
Total | 100% |
How to get certified
Browse our certification programs and choose your certification.
Discover the exam objectives and prepare for your exam.
Register for your online proctored exam.
Take your online proctored exam in the comfort of your home or office.
Congratulations! You are certified!
Frequently Asked Questions
-
After purchasing an exam voucher, how much time do I have to take the exam?
After purchasing an exam voucher, candidates will have 180 days to take the exam.
-
Does the exam voucher include a retake?
The exam voucher includes 2 retakes in case the candidate fails the first attempt.
-
Are there any prerequisites to take the exams?
There are no prerequisites to take the exams. ITCERTS recommends that candidates have at least six months of work experience in the area that the certification exam covers.
-
What is the exam retake policy?
If a candidate does not achieve a passing score on the first attempt, there is no waiting period between the first and the second attempt. If a candidate does not achieve a passing score on the second attempt, the candidate must wait at least 7 days before retaking the exam for a third time. A candidate may not take a given exam any more than three times per year (12 months).
-
How do I register for an Online Proctored Exam?
Visit the Online Proctored Exam registration page to find complete instructions.
-
Are there any mandatory training to take an exam?
Training is recommended as part of your certification preparation, but it is not mandatory.
-
Which languages are the exams available in?
Our exams are currently available in English and Portuguese.
-
Where can I take the exams?
Exams are delivered online (Online Proctored Exams) and can be taken from anywhere in the world.
-
Do the ITCERTS certifications expire?
ITCERTS certifications are considered good-for-life and do not expire.
-
How can a potential employer verify my certifications?
Your employer can verify your certification on our certification verification page. Your certification number will be needed in order to process the verification.
Subscribe
Subscribe
Subscribe to our newsletter