This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise…

Learn More

The climate crisis poses a serious threat to the United States economy and human welfare, with a narrowing timeframe to invest in opportunities to avoid the most catastrophic impacts. Extreme…

Learn More

With the threat of ransomware growing, this “quick start guide” will help organizations use the National Institute of Standards and Technology (NIST) Ransomware Risk Management: A Cybersecurity Framework Profile to…

Learn More

With cyberattacks on the rise, controlled unclassified information (CUI) among defense-related businesses is increasingly at risk. Therefore, the Department of Defense is mandating the DIB to meet new security requirements…

Learn More

On February 22, 2022, NIST issued a public Request for Information (RFI), “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.” The RFI sought…

Learn More

This publication provides guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. The publication integrates cybersecurity supply chain risk…

Learn More

NIST has collaborated with public and private sector stakeholders to research and develop C-SCRM tools and metrics, producing case studies and widely used guidelines on mitigation strategies. These multiple resources…

Learn More

The concept of resilience has emerged as a priority for the energy system. Beyond reliability, which measures system preparedness for routine, recurring challenges, resilience encapsulates the system’s ability to anticipate,…

Learn More

The Secureworks Incident Response (IR) team plays a critical role in supporting organizations impacted by a security incident. Leveraging insights gained from hundreds of engagements each year, the Secureworks Counter…

Learn More

Datadog is a cloud-scale monitoring and security platform that unifies metrics, traces, logs, and more for centralized visibility and faster troubleshooting on dynamic architectures. Learn how Datadog can aid customers with meeting…

Learn More

This In Focus provides an overview of the U.S. critical infrastructure community, describing the current development of cyber risk management programs and activities in the Energy, Healthcare and Public Health…

Learn More

A supply chain consists of the system of organizations, people, activities, information, and resources that provide products or services to consumers. Like other types of goods, a global supply chain…

Learn More

Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and…

Learn More

Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. This joint Cybersecurity Advisory (CSA) between…

Learn More

The UK National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) in the US have…

Learn More