This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Strategy that addresses how organizations intend to assess risk, respond to risk, and monitor risk—making explicit and transparent the risk perceptions that organizations routinely use in making both investment and operational decisions.
NIST SP 800-160 Vol. 2 Rev. 1 from NIST SP 800-39