
Enterprise Risk Management Office (ERMO)

Risk is the effect of uncertainty on objectives.  Enterprise Risk Management (ERM) is a successful business practice that has been utilized in the private sector for many years and is now being adopted into the Federal government (OMB Circular A-123).   The focus of the ERM Program is to provide management with the tools and information necessary for informed decision-making at the organizational level.  Risk Management is also an active process that requires participation from everyone at all levels to identify and manage risk.

The Enterprise Risk Management Office manages the NIST-wide Enterprise Risk Management (ERM) program and serves as a central resource for NIST project management efforts. It provides advice, assistance, and policy direction regarding integration of risk management and project management principles within the bureau, including processes for identification of significant risks to NIST and the Department of Commerce. The Enterprise Risk Management Office provides consultative support and analysis to NIST management on the implementation of Enterprise Risk Management, and technical and administrative support to the NIST Enterprise Risk Management Council. It also serves as the principal liaison and representative for NIST to the Department’s Office of Performance and Enterprise Risk Management (OPERM).


The NIST ERM Program mission is to build and maintain a robust and flexible ERM Program that will help identify, assess, mitigate and monitor risks to the NIST mission.  ERM will also better inform management regarding an appropriate balance between risk and opportunity to assure that NIST is not missing out on valuable opportunities.


The ERM office will provide management with high quality risk management information with the goal of increasing the likelihood of NIST successfully achieving its mission objectives.  For this objective to be successful, ERM must be integrated into management strategic planning and decision-making.  Proactive and informed decision-making can also position NIST to be better prepared for adverse events.  Outcomes can include improved customer service, reduced cost, allocation of limited resources where they are needed most as well as efficient and effective use of those resources, and more.

Core Values

The core values of the ERM Program are:

  • Customer Focus — Serving the NIST community by partnering with programs to assist them in addressing their diverse challenges to providing high quality services and products.
  • Innovation - Supporting new and innovative solutions to address areas that have the potential to keep NIST from accomplishing its mission.
  • Transparency — Making the NIST management processes more open on how our programs support the NIST mission and DOC strategic objectives.
  • Participation — Providing guidance for the NIST community and customers to shape and improve services and deliverables using the top down – bottom up principle of communications that utilizes ideas and solutions from all sources.
  • Accountability — Ensuring that the performance of programs and personnel is measured against the achievement of NIST’s strategic goals and objectives.


  • Enterprise Risk Management Office (ERMO)
    (301) 975-6000
    100 Bureau Dr, MS 1602
    Gaithersburg, MD 20899-1602
Created August 15, 2018, Updated June 2, 2021