GovWhitePapers Logo

Sorry, your browser is not compatible with this application. Please use the latest version of Google Chrome, Mozilla Firefox, Microsoft Edge or Safari.

Risk Management / Regulatory content

The NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework 2.0 provides a comprehensive structure for managing cyber risk through governance, identification, protection, detection, response, and recovery. It expands on earlier versions with greater emphasis on…

Learn More
Strengthening Cyber Resilience for Critical Infrastructure

Strengthening Cyber Resilience for Critical...

State and local governments sit at the heart of critical infrastructure protection, facing rising cyber threats against systems that power water, energy, transportation, and healthcare. This overview emphasizes the need…

Learn More
2025 State of Operational Technology and Cybersecurity Report

2025 State of Operational Technology and...

Operational Technology (OT) environments are becoming more connected—and more exposed—to cyber threats. Fortinet’s report reveals that organizations are maturing in both process and solution adoption, with more CISOs taking ownership…

Learn More
OT Cyber Readiness in 90 Days

OT Cyber Readiness in 90 Days

Operational Technology systems that power critical infrastructure—like federal facilities, utilities, airports, and data centers—face mounting cyber risk from ransomware and nation-state actors. Minerva Cyber’s OT Cyber Readiness in 90 Days…

Learn More
Weapon System Sustainment

Weapon System Sustainment

The GAO found that the Department of Defense often lacks the intellectual property and data rights needed to effectively sustain major weapon systems. Programs struggle to plan for technical data…

Learn More
Cyber Security Risk Management Construct

Cyber Security Risk Management Construct

The DoD’s Cyber Security Risk Management Construct outlines a lifecycle approach that blends DevSecOps, continuous monitoring, and mission-focused assessments. Instead of treating authorization as a one-time hurdle, it emphasizes real-time…

Learn More
2025 Minimum Elements for a Software Bill of Materials

2025 Minimum Elements for a Software Bill of...

This CISA draft refines the foundational elements of a Software Bill of Materials (SBOM), helping agencies and organizations understand and manage the software components they use. It updates the 2021…

Learn More
Soldier Load: The Art and Science of ‘Fighting Light’

Soldier Load: The Art and Science of ‘Fighting...

In modern infantry operations, the real challenge isn’t a Soldier’s strength—it’s the weight they carry. Overloaded packs drain energy, slow movement, and reduce combat effectiveness long before the fight begins.…

Learn More
Records Retention and Data Minimization

Records Retention and Data Minimization

As data privacy regulations grow more stringent, organizations are shifting away from “keep everything” strategies toward smarter, risk-conscious data practices. This guide explores how records retention and data minimization can…

Learn More
Sixth Report Pursuant to Section 202(E) of the Dodd-Frank Wall Street Reform and Consumer Protection Act

Sixth Report Pursuant to Section 202(E) of the...

Fifteen years after the financial crisis, the 2025 Dodd-Frank report reflects on progress made in building a safer financial system—and where risks still remain. It highlights the importance of capital,…

Learn More
Semiannual Risk Perspective

Semiannual Risk Perspective

The Spring 2025 Semiannual Risk Perspective from the OCC highlights how rising interest rates, commercial real estate exposure, and cybersecurity threats are reshaping risk for national banks and federal savings…

Learn More
Cybersecurity: Implementation of the 2015 Information Sharing Act

Cybersecurity: Implementation of the 2015...

Nearly a decade after its passage, the Cybersecurity Information Sharing Act of 2015 continues to play a pivotal role in how cyber threat data is exchanged across federal and nonfederal…

Learn More
Investments under Risk: Evidence from Hurricane Strikes

Investments under Risk: Evidence from Hurricane...

How do companies respond when hurricanes hit their operations? This study shows that after major hurricane strikes, firms shift capital investment away from affected areas toward safer regions—especially after 1997,…

Learn More
Cybersecurity and Financial System Resilience Report

Cybersecurity and Financial System Resilience...

The 2025 Cybersecurity Report outlines the growing complexity of cyber threats facing the U.S. financial system, highlighting vulnerabilities linked to third-party service providers and outdated legacy systems. It emphasizes the…

Learn More
China’s Military Diplomacy

China’s Military Diplomacy

As cyber threats increasingly target critical infrastructure, state governments are stepping up their cybersecurity readiness. This strategic plan outlines how a multi-state compact can help build capacity, share threat intelligence,…

Learn More