Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Risk Management Resources

The following links provide resources pertinent to the specific groups:


General

Critical Infrastructure

SMB

International

Federal

Assessment & Auditing

SLTT

Academia


This is a listing of publicly available Framework resources. Resources include, but are not limited to: approaches, methodologies, implementation guides, mappings to the Framework, case studies, educational materials, Internet resource centers (e.g., blogs, document stores), example profiles, and other Framework document templates.

Criteria for Inclusion

If your resource is: publicly available on the Internet, accurate and comprehensive for a given dimension of the Framework, and freely available for others to use (we welcome free resources from for-profit entities), it meets the basic criteria for inclusion in the Framework Web site. Pay-for resources associated with non-profit entities also meet the basic criteria for inclusion in the Web site. If your resource qualifies and you would like it listed at the Framework Industry Resources Web page, send a description of your resource to cyberframework [at] nist.gov.

Representations and Warranties

Certain commercial entities, equipment, or materials may be identified in this Web site or linked Web sites in order to support Framework understanding and use. Such identification is not intended to imply recommendation or endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best available for the purpose.

Created February 1, 2018, Updated November 18, 2019