Users Description [Detail categories [Describe how users access the system and their of users] intended use of the system] 3.5 Flow Diagram [Provide connectivity diagram or system input and output flowchart to delineate the scope of this risk assessment effort]. 4. Vulnerability Statement [Compile and list potential vulnerabilities applicable to the system assessed]. Vulnerability Description [List vulnerabilities] [Describe vulnerability and its impact] 5. Threat Statement [Compile and list the potential threat-sources applicable to the system assessed]. Threat-Source Threat Actions [List and/or describe actions that can be taken by [List threat sources] threat source e.g., identity theft, spoofing, system intrusion] 228