The National Institute of Standards and Technology is seeking public comments on the second draft of its report on cybersecurity risk management in an enterprise setting.
The Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management document provides guidance in implementing CSRM to help organizations manage their enterprise risks amid an increasing number of cyber attacks, NIST said Tuesday.
Building on earlier public feedback, the draft now includes improved editorial updates and graphics to better show how the defense of cyber assets is connected with enterprise risk management.
The document also features an example risk detail report template and related discussions on privacy and supply chain.
NIST will accept comments on the draft until Aug. 6.
The agency is also seeking insights on a different document focused on the cybersecurity of commercial satellite operations.