NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.
Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.
An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management
Published
Author(s)
Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner
Abstract
This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and information to illustrate risk tolerance, risk appetite, and methods for determining risks in that context. To support the development of an Enterprise Risk Register, this report describes documentation of various scenarios based on the potential impact of threats and vulnerabilities on enterprise assets. Documenting the likelihood and impact of various threat events through cybersecurity risk registers integrated into an enterprise risk profile helps to later prioritize and communicate enterprise cybersecurity risk response and monitoring.
Stine, K.
, Quinn, S.
, Ivy, N.
, Barrett, M.
, Witte, G.
, Feldman, L.
and Gardner, R.
(2021),
Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8286A, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=933223
(Accessed October 1, 2025)