Article / Publication
Source: NIST   

Managing Information Security Risk: Organization, Mission, and Information System View (NIST 800-39)

The purpose of Special Publication 800-39 is to provide guidance for an integrated, organization-wide program for managing information security risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation resulting from the operation and use of federal information systems. Special Publication 800-39 provides a structured, yet flexible…

Article / Publication
Source: NIST   

Risk Management Framework for Information Systems and Organizations (NIST 800-37r2)

This publication contains comprehensive updates to the Risk Management Framework. The updates include an alignment with the constructs in the NIST Cybersecurity Framework; the integration of privacy risk management processes; an alignment with system life cycle security engineering processes; and the incorporation of supply chain risk management processes. Organizations can use the frameworks and processes…

Article / Publication
Source: NIST   

Guide for Conducting Risk Assessments (NIST 800-30, rev 1)

NIST Special Publication (SP) 800-30, Revision 1, Guide for Conducting Risk Assessments

Article / Publication
Source: NIST   

Cybersecurity & Privacy Stakeholder Engagement

ENGAGING WITH NIST ON CYBERSECURITY AND PRIVACY Stakeholders are a very important force behind NIST's cybersecurity and privacy programs. NIST counts on developers, providers, and everyday users of cybersecurity and privacy technologies/information to guide our priorities in serving the public and private sectors. Stakeholders also are critical when it comes to decisions about the best…
