NIST is pleased to announce the publication of a report by the University of Maryland’s Supply Chain Management Center titled “The Cyber Risk Predictive Analytics Project”. The underlying research, which stems from a NIST grant and GSA sponsorship, seeks to build the tools necessary to measure and assess the effectiveness of cybersecurity and related supply chain strategies and controls.  This report aims to define and refine the following objectives:

• Develop and deploy a secure, fully automated organizational self-assessment tool based on the Cybersecurity Framework;
• Compare respondents’ cyber security performance profiles (adoption of the respondents’ policies and actions) with their total number and specific types of cyber breaches; and,
•  Assess the efficacy of various cybersecurity and supply chain risk management standards, guidelines, policies and actions in limiting the total number and specific types of cyber breaches, and using this analysis to establish a foundation for the development of evidence-based cyber risk predictive analytics.