U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

NISTIR 8286A

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

Date Published: November 2021

Author(s)

Stephen Quinn (NIST), Nahla Ivy (NIST), Matthew Barrett (CyberESI Consulting Group), Larry Feldman (Huntington Ingalls Industries), Gregory Witte (Huntington Ingalls Industries), Robert Gardner (New World Technology Partners)

Abstract

Keywords

cybersecurity risk management; cybersecurity risk measurement; cybersecurity risk register; enterprise risk management (ERM); enterprise risk profile
Control Families

None selected

Documentation

Publication:
NISTIR 8286A (DOI)
Local Download

Supplemental Material:
Risk Register Schema (JSON) (other)
Risk Detail Record Schema (JSON) (other)
Risk Detail Record Example (JSON) (other)

Other Parts of this Publication:
NISTIR 8286

Document History:
12/14/20: NISTIR 8286A (Draft)
07/06/21: NISTIR 8286A (Draft)
11/12/21: NISTIR 8286A (Final)

Topics

Security and Privacy
risk management; security measurement

Applications
enterprise