NISTIR 8286

Integrating Cybersecurity and Enterprise Risk Management (ERM)

Date Published: October 2020

Author(s)

Kevin Stine (NIST), Stephen Quinn (NIST), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

cybersecurity risk management (CSRM); cybersecurity risk measurement; cybersecurity risk profile; cybersecurity risk register (CSRR); enterprise risk management (ERM); enterprise risk profile; risk appetite; risk tolerance

Control Families

None selected

Documentation

Publication:
NISTIR 8286 (DOI)
Local Download

Supplemental Material:
Risk Register Schemas and Examples [JSON] (zip)
OLIR Mapping NISTIR 8286 to Cybersecurity Framework v1.1 (xls)

Other Parts of this Publication:
NISTIR 8286A (Draft)

Related NIST Publications:
NISTIR 8170

Document History:
03/19/20: NISTIR 8286 (Draft)
07/09/20: NISTIR 8286 (Draft)
10/13/20: NISTIR 8286 (Final)

Topics

Security and Privacy
risk management

Applications
enterprise