RA Step 1 is composed of three tasks. Which statement correctly describes their grouping?

Establishing risk framing sets the foundation for a risk assessment. RA Step 1 groups three tasks that determine why the assessment is being done, what is included, and under what assumptions you will operate. Identifying the purpose clarifies the objective and what decisions the risk results will support, guiding scope and focus. Defining the scope sets the boundaries—which assets, systems, processes, and environments are in or out—so everyone agrees on what is being analyzed. Capturing assumptions records the conditions and constraints you’re relying on, such as known threats, control effectiveness, or environmental factors, so later work isn’t built on hidden or changing premises. Together, these tasks ensure the assessment is appropriately bounded, aligned with stakeholders, and repeatable, which is essential before identifying threats, vulnerabilities, and impacts. They are not post-assessment steps, not optional, and they apply to federal risk assessments as well as other contexts.