SP 800-39 - Managing Information Security Risk
Provides guidance for an integrated, organization-wide program for managing information security risk across three tiers: organization, mission/business process, and information system. Establishes the foundation for the risk management hierarchy.
Publication Number
800-39
Series
SP 800
Status
Final
Date
2011-03
risk management, enterprise risk, governance, tiered approach
References (4)
SP 800-37r2: SP 800-37 Rev. 2 - Risk Management Framework for Information Systems and Organizations
SP 800-53r5: SP 800-53 Rev. 5 - Security and Privacy Controls for Information Systems and Organizations
CSF 2.0: NIST Cybersecurity Framework (CSF) 2.0
NISTIR 8286: NISTIR 8286 - Integrating Cybersecurity and Enterprise Risk Management (ERM)