Risk Management / Regulatory content

Staging Cybersecurity Risks for Enterprise Risk Management and Governance Oversight

This document is the third in a series that supplements NIST Interagency/Internal Report (NISTIR) 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This series provides additional details regarding the enterprise…

Climate Risk Exposure: An Assessment of the Federal Government’s Financial Risks to Climate Change

The climate crisis poses a serious threat to the United States economy and human welfare, with a narrowing timeframe to invest in opportunities to avoid the most catastrophic impacts. Extreme…

Getting Started with Cybersecurity Risk Management | Ransomware

With the threat of ransomware growing, this “quick start guide” will help organizations use the National Institute of Standards and Technology (NIST) Ransomware Risk Management: A Cybersecurity Framework Profile to…

Achieve CMMC 2.0 Compliance with Hypori Halo

With cyberattacks on the rise, controlled unclassified information (CUI) among defense-related businesses is increasingly at risk. Therefore, the Department of Defense is mandating the DIB to meet new security requirements…

Evaluating and Improving Cybersecurity Resources

On February 22, 2022, NIST issued a public Request for Information (RFI), “Evaluating and Improving NIST Cybersecurity Resources: The Cybersecurity Framework and Cybersecurity Supply Chain Risk Management.” The RFI sought…

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

This publication provides guidance to organizations on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain at all levels of their organizations. The publication integrates cybersecurity supply chain risk…

NIST Cybersecurity SCRM Fact Sheet

NIST has collaborated with public and private sector stakeholders to research and develop C-SCRM tools and metrics, producing case studies and widely used guidelines on mitigation strategies. These multiple resources…

Valuing Resilience for Microgrids: Challenges, Innovative Approaches, and State Needs

The concept of resilience has emerged as a priority for the energy system. Beyond reliability, which measures system preparedness for routine, recurring challenges, resilience encapsulates the system’s ability to anticipate,…

Learning from Incident Response: 2021 Year in Review

The Secureworks Incident Response (IR) team plays a critical role in supporting organizations impacted by a security incident. Leveraging insights gained from hundreds of engagements each year, the Secureworks Counter…

FedRAMP Compliance Tools With Datadog

Datadog is a cloud-scale monitoring and security platform that unifies metrics, traces, logs, and more for centralized visibility and faster troubleshooting on dynamic architectures. Learn how Datadog can aid customers with meeting…

Critical Infrastructure Security and Resilience: Countering Russian and Other Nation-State Cyber Threats

This In Focus provides an overview of the U.S. critical infrastructure community, describing the current development of cyber risk management programs and activities in the Energy, Healthcare and Public Health…

Cyber Supply Chain Risk Management: An Introduction

A supply chain consists of the system of organizations, people, activities, information, and resources that provide products or services to consumers. Like other types of goods, a global supply chain…

Ransomware Risk Management: A Cybersecurity Framework Profile

Ransomware is a type of malicious attack where attackers encrypt an organization's data and demand payment to restore access. In some instances, attackers may also steal an organization's information and…

Destructive Malware Targeting Organizations in Ukraine

Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable. This joint Cybersecurity Advisory (CSA) between…

New Sandworm Malware Cyclops Blink Replaces VPNFilter

The UK National Cyber Security Centre (NCSC), the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) in the US have…
