Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Integrating Cybersecurity and Enterprise Risk Management | NIST IR 8286 Series Revisions and Updates

NIST has released revisions or updates to all five publications in its Interagency Report (IR) 8286 series. The public comment period is open through April 14, 2025, for the initial public drafts of IR 8286r1, IR 8286Ar1, and IR 8286Cr1.

NIST has released revisions or updates to all five publications in its Interagency Report (IR) 8286 series. These publications help practitioners better understand the close relationship between cybersecurity and enterprise risk management (ERM). All five publications in the series have been updated to align more closely with the Cybersecurity Framework (CSF) 2.0 and other updated NIST guidance. The updated series puts greater emphasis on cybersecurity governance to highlight the importance of ensuring cybersecurity capabilities support the broader mission through ERM.

Three of the publications are available for public comment through April 14, 2025:

The other publications in the series have had only minor errata updates and are being released as final:

For more information on the release of these publications and their close relationship to CSF 2.0, see the Celebrating 1 Year of CSF 2.0 blog post.

Released February 26, 2025, Updated February 27, 2025