Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8286C

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

Date Published: September 2022 (includes updates as of March 6, 2024)

Supersedes: IR 8286C (09/14/2022)

Planning Note (03/06/2024):

The changes made to NIST IR 8286C in this update are documented in Appendix A of the report.


Author(s)

Stephen Quinn (NIST), Nahla Ivy (NIST), Matthew Barrett (CyberESI Consulting Group), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

cybersecurity risk management; cybersecurity risk measurement; cybersecurity risk register (CSRR); enterprise risk management (ERM); key performance indicator (KPI); key risk indicator (KRI); risk acceptance; risk aggregation; risk avoidance; risk conditioning; risk mitigation; risk optimization; risk prioritization; risk response; risk sharing; risk transfer
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8286C-upd1
Download URL

Supplemental Material:
See NISTIR 8286 Supplemental Material

Publication Parts:
IR 8286
IR 8286A
IR 8286B
IR 8286D

Document History:
03/06/24: IR 8286C (Final)