​​​​NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View

• Guidance for organization-wide information security risk management as a complement to Enterprise Risk Management (ERM) programs
•  Identifies components of and process for risk management (Frame Risk, Assess Risk, Respond to Risk, and Monitor Risk) and the levels of organizational risk management (Organization, Mission/Business Process, and Systems) 

NIST SP 800-30, Guide for Conducting Risk Assessments 

• Guidance and a repeatable, flexible methodology for conducting risk assessments at all levels of the organization (Organization, Mission/Business Process, and System)
• Includes multiple appendices for implementer to use for: threat source identification, examples of threat events, determine adverse impact, determine level of risk, templates for determining non-adversarial and adversarial risk and developing risk assessment reports

NIST SP 800-18, Guide for Developing Security Plans for Federal Information Systems 

• Guidance on developing system security plans; includes a system security plan template

NIST SP 800-160, Volume 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems 

• Guidance on including security into systems engineering processes; builds on systems engineering standard, ISO/IEC/IEEE 15288.

NISTIR 8062, An Introduction to Privacy Engineering and Risk Management in Federal Systems

• An introduction to the concepts of privacy engineering and risk management, the basis for a common vocabulary for privacy risk, and definition of privacy engineering objectives and a privacy risk model