National Risk Management Center
A center providing actionable risk analysis to drive secure and resilient critical infrastructure for the American people.
A critical infrastructure community empowered by actionable risk analysis.
CISA works with government and industry to identify, analyze, prioritize, and manage the most significant strategic risks to the nation’s critical infrastructure. Through the National Risk Management Center (NRMC), CISA identifies and supports risk reduction activities by securing strategic analytical value in support of the American people. The NRMC was established in 2018 to serve as the Nation’s center for critical infrastructure risk analysis.
NRMC supports CISA leadership and operations; Federal partners; State, local, tribal, territorial partners; and the broader critical infrastructure community. It is through collaboration with these partners that CISA can identify the most significant risks to the nation and coordinate risk reduction activities to ensure critical infrastructure is secure and resilient both now and into the future.
National Risk Management Center (NRMC)
NRMC provides critical analytical support to CISA’s mission to understand, manage, and reduce risk to the cyber and physical infrastructure Americans rely on every day. CISA and other critical infrastructure partners to apply actionable analysis to the decisions and investments they make to manage risk.
Our critical infrastructure community faces a risk environment that is complex, evolving, and interconnected. NRMC is organized to maximize our analytic capability to provide timely, actionable, and integrated analysis to both CISA and the broader critical infrastructure community. These analytic insights are used to identify risk mitigation opportunities that improve national security and resiliency. We recognize that this depends on meaningful, value-driven partnerships across critical infrastructure sectors, industries, and functions. We believe that an integrated, collaborative approach to cyber and physical risk mitigation results in a stronger nation. We are excited to serve as the Nation’s center for cross-sector critical infrastructure risk analysis, and we are ready for the challenges ahead.
NRMC is leveraging enterprise risk management leading practices to build and implement risk services and analytical capabilities to identify, analyze, prioritize, and manage the most significant strategic risks to national Critical Infrastructure. This will help to enhance our risk management capabilities at the right level of focus and in ways that can be scaled for cross-sector application in support of stakeholders around the country.
Risk prioritization allows CISA to focus our attention and investment – we use the analytic capabilities to analyze and prioritize risk. The value this work provides is evident through programs and products like the Critical Infrastructure Risk Register, Systemically Important Entities, National Critical Infrastructure Prioritization Program (NCIPP), and others. A primary focus of the NRMC is to drive alignment and encourage a collaborative approach that supports a more-robust national-level, cross-sector risk picture.
The NRMC also engages in information sharing and targeted outreach to work collaboratively on resilience strategies. As new risks emerge—such as emerging technology—we will continue to assist with policy, doctrine, and process enhancements through state-of-the-art analytics to reprioritize or identify new priorities and establish risk management initiatives to effectively secure the Nation.
Managing risk to critical infrastructure is a priority shared by industry and government. CISA maintains a core portfolio of risk analysis products and services that provide decision-makers across both customer groups with valuable insights into cross-sector risk and cascading impacts, and how to mitigate them to drive risk reduction actions.
CISA’s analytic framework uses sectors and National Critical Functions (NCFs) in order to convey how critical infrastructure entities come together to enable critical functions and assess interdependencies across assets, systems, networks, and technologies that underpin those functions. This comprehensive framework is agile to support strategic assessment of an evolving risk landscape and operational assessment during incident response.
The Analytics Capability Subdivision performs risk assessments, modeling, data management and visualization to understand cross-cutting and cascading critical infrastructure risks. The Subdivision also supports policymaking, process enhancements, and risk management decisions as well as housing the National Infrastructure Simulation and Analysis Center, which builds critical infrastructure risk analytic capabilities.
Visit the Risk Management Topic page to learn more about NRMC's analytic tools.
The data, tools, methods, and partnerships leveraged for analysis must be shaped from the beginning by the goal of reducing risk. Recognizing that the impacts of disruptions can cascade across sectors and jurisdictions, analytic risk insights are more valuable when we understand the context around each risk. Our role integrates sectors, functions, and assets into a clear operating picture.
Risk Services provides structure for collaborative risk management across CISA, other components of the Federal Government, and external partners, helping develop and implement risk management strategies that address the highest priority risks efficiently and effectively.
Election Security and Resilience
Every year, citizens across the United States cast their ballots for the candidates of their choice. Fair and free elections are a hallmark of American democracy. The American people’s confidence in the value of their vote is principally reliant on the security and resilience of the infrastructure that makes the Nation’s elections possible. Accordingly, an electoral process that is both secure and resilient is a vital national interest and one of CISA’s highest priorities.
The Election Security and Resilience (ESR) Subdivision ensures that election infrastructure stakeholders have the information they need to manage risk to elections. ESR coordinates across the federal government and with election partners to engage, assist, and prepare the election community for an ever-evolving risk landscape.
CISA is committed to working collaboratively with those on the front lines of elections—state and local governments, election officials, federal partners, and private sector partners—to manage risks to the Nation’s election infrastructure.
NRMC is dedicated to anticipating and evaluating emerging risks and using those insights to develop timely and actionable risk management advice to help mitigate national-level risks to critical infrastructure. The Strategic Foresight Subdivision leads our efforts to inform NRMC and CISA operational planning and to identify priority risk management topics to reduce the risk of strategic surprise. The Strategic Foresight Subdivision leads our efforts to forecast potential risks, develop mitigation strategies, and accelerate research to enhance the resilience of our critical infrastructure. These activities enable the critical infrastructure community to confront potential risks before they become real-world incidents.
- Learn more about the NRMC Lines of Effort