U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity Risk Analytics CRA


NIST is working with stakeholders from across government, industry, and academia to research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. NIST’s goal is to enable information sharing among risk owners about historical, current and future cyber risk conditions and is intended to help not only enhance existing cyber risk mitigation strategies but also improve and expand upon existing cybersecurity risk metrology efforts.

We will be leveraging past and present efforts such as data repository for cyber incident analysis, predictive analytics and strategic analysis on threat coverage, prioritization and gap identification. Our initial research focus will be on technical framework and enabling functions for a trusted and secure repository that enterprise risk owners can use to anonymously share, store, aggregate, and analyze sensitive cyber incident data. As part of this process, NIST plans to solicit feedback and create opportunities for collaborations on proof of concepts to facilitate data sharing.



CRA team

Hung Trinh

Katherine Schroeder


Security and Privacy: risk management, security measurement

Created September 07, 2018, Updated September 10, 2020