This is a potential security issue, you are being redirected to https://csrc.nist.gov.
Date Published: July 20, 2022
Comments Due: September 6, 2022 (public comment period is CLOSED)
Email Questions to: email@example.com
NIST is posting two draft Special Publications (SP) on the Enterprise Impact of Information and Communications Technology (ICT) Risk, with a public comment period open through September 6, 2022.
The increasing dependency on ICT means that all enterprises must ensure ICT risks receive the appropriate attention along with other risk disciplines –legal, financial, etc. – within their enterprise risk management (ERM) programs. These documents and resources are intended to help ICT risk practitioners at all levels of the enterprise, in private and public sectors, to better understand and practice ICT risk management (ICTRM) within the context of ERM. Using organizing constructs, such as risk appetite and tolerance statements, business impact analysis (BIA), risk registers, and key risk indicators, enterprises, can better identify, assess, communicate, monitor, and manage their ICT risks in the context of their stated mission and business objectives using language and constructs already familiar to senior leaders.
The public comment period for both drafts is open through September 6, 2022.
NOTE: A call for patent claims is included in each draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Browse and download SP 800-221A content
Related NIST Publications:
11/17/23: SP 800-221A (Final)