Approaches for Federal Agencies to Use the Cybersecurity Framework: NIST Publishes NISTIR 8170
March 19, 2020

Today, NIST has published NISTIR 8170, Approaches for Federal Agencies to Use the Cybersecurity Framework. It provides guidance on how the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) can be used in the U.S. Federal Government in conjunction with the current and planned suite of NIST security and privacy risk management publications. This specific guidance was derived from current Cybersecurity Framework use and implementer feedback. It provides eight example approaches to assist federal agencies as they develop, implement, and continuously improve their cybersecurity risk management programs.

The examples are consistent with OMB Circular A-130, Managing Information as a Strategic Resource, which provides guidance regarding the heavily used NIST Risk Management Framework, associated documents, and the Cybersecurity Framework. The examples also support OMB Circular A-123, Management’s Responsibility for Enterprise Risk Management and Internal Control; use of the Cybersecurity Framework helps to identify, manage, report, and monitor the internal controls needed to properly manage potential information and technology risks to an agency. Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM)—also released today—decomposes and advances concepts discussed in A-130, A-123, NISTIR 8170, and the Risk Management Framework (RMF).

Related Topics

Security and Privacy: risk management

Applications: cybersecurity framework

Laws and Regulations: Executive Order 13636, OMB Circular A-130

Created March 19, 2020, Updated June 22, 2020