Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Integrating Cybersecurity and Enterprise Risk Management (ERM): Draft NISTIR 8286 Available for Comment

NIST is requesting comments on Draft NISTIR 8286, "Integrating Cybersecurity and Enterprise Risk Management (ERM)." The public comment period closes April 20, 2020.

All enterprises should ensure cybersecurity risk gets the appropriate attention within their enterprise risk management (ERM) programs, which address all types of risk. Individual organizations within an enterprise can improve the cybersecurity risk information they provide as inputs to their enterprise's ERM processes. By doing so, enterprises and their component organizations can better identify, assess, and manage their cybersecurity risks in the context of their broader mission and business objectives.
 
NIST is releasing Draft NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), for public comment. This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

The public comment period closes on April 20, 2020. See the publication details for a copy of the draft and instructions for submitting comments.

 

NOTE: A call for patent claims is included on page iv of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Released March 19, 2020