Skip to content
Home / Function (NIST CSF 2.0) / ID - Identify / RA - Risks Asst

NIST SP 800-39 Managing Information Security Risk: Organization, Mission, and Information System View

This document focuses on:

NIST SP 800-39 serves as the overarching flagship for information security risk management, providing the high-level governance necessary to align cybersecurity efforts with an organization’s core mission and business objectives. It introduces a critical three-tiered approach—addressing risk at the Organization level (Tier 1), the Mission/Business Process level (Tier 2), and the Information System level (Tier 3)—to ensure that risk framing, assessment, response, and monitoring are integrated into every layer of leadership. By establishing a formal risk executive function and defining organizational risk appetite, SP 800-39 transforms security from a reactive technical task into a proactive, strategic business discipline.


Publication's URL

https://csrc.nist.gov/pubs/sp/800/39/final

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *