NIST extends by a month comment deadline on enterprise risk management guidance

Stakeholders now have until March 1 to comment on a NIST guidance fleshing out “concepts” related to enterprise risk management, adding an extra month for organizations to weigh in on a document released in mid-December.

NISTIR 8286A, “Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management,” was released for comment on Dec. 14 and was described as “the first in a series of companion publications that provide guidance for implementing, monitoring, and maintaining an enterprise approach designed to...