Date Published: October 2020
Planning Note (08/18/2023):
In addition to this foundational document, the NIST Interagency Report (IR) 8286 Series includes: The NIST IR 8286 series enables risk practitioners to integrate CSRM activities more fully into the broader enterprise risk processes. Because information and technology comprise some of the enterprise’s most valuable resources, it is vital that directors and senior leaders always have a clear understanding of cybersecurity risk posture. It is similarly vital that those identifying, assessing, and treating cybersecurity risk understand enterprise strategic objectives when making risk decisions.
None selected
Publication:
https://doi.org/10.6028/NIST.IR.8286
Download URL
Supplemental Material:
Risk Register Schema (JSON)
Risk Register Schema (JSON) (XSLS) (xlsx)
Risk Detail Record Schema (JSON)
Risk Detail Record Schema (JSON) (XSLS) (xlsx)
Risk Detail Record Example (JSON)
Risk Detail Record Example (JSON) (XSLS) (xlsx)
OLIR Mapping NISTIR 8286 to Cybersecurity Framework v1.1 (xlsx)
Playbook: Enterprise Risk Management for the U.S. Federal Government (pdf)
Association for Federal Enterprise Risk Management (AFERM)
RMA - GCOR Conference
2022 RMA GCOR Conference Session: Prioritizing Cybersecurity Risk for Enterprise Risk Management
Publication Parts:
IR 8286A
IR 8286B
IR 8286C
IR 8286D
Related NIST Publications:
Document History:
03/19/20: IR 8286 (Draft)
07/09/20: IR 8286 (Draft)
10/13/20: IR 8286 (Final)