virtual graphic of shield with check mark

Risk Management

Leveraging sector and stakeholder expertise to reduce the most significant risks to the nation.

In today’s highly connected world, organizations all face more diverse, sophisticated threats—cyber, physical, technological, or natural—that have cross-sector impacts. The evolving risk landscape necessitates an evolved response. 

Risk Management is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or mitigating it to an acceptable level considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. While risk cannot always be eliminated, actions can be taken to mitigate risk.

Since the nation’s critical infrastructure is largely owned and operated by the private sector, managing risk is shared priority.

graphic of city skyline and connected network icons

National Risk Management Center

CISA’s National Risk Management Center (NRMC) works with government and industry to identify, analyze, prioritize, and manage the most significant strategic risks to the nation’s 16 critical infrastructure sectors. 

NRMC

Featured Content

Secure Tomorrow Series Toolkit Icon

Secure Tomorrow Series Toolkit

The Toolkit provides a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning.

icon of a screwdriver and a wrench

National Critical Functions

Functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination the

graphic of the globe viewed from space

Space Systems Initiative

CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.

Space Systems Initiative

CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.

Helpful Resources

View all publications

Secure by Design Alert: Eliminating Buffer Overflow Vulnerabilities

FEB 12, 2025 | FACT SHEET, PUBLICATION
This Secure by Design Alert is part of an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle.
Download File (PDF, 521.92 KB)

Mobile Communications Best Practice Guidance

DEC 18, 2024 | PUBLICATION
Download File (PDF, 381.52 KB)

Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers

OCT 24, 2024 | PUBLICATION
This guidance aids software manufacturers in implementing a safe software deployment process with robust testing and measurement components.
Download File (PDF, 777.72 KB)

Connected Communities Guidance: Zero Trust to Protect Interconnected Systems

AUG 29, 2024 | PUBLICATION
This publication serves as user-friendly guidance for connected communities to better understand the risks associated with interconnected systems and how zero trust principles can be an effective mitigation approach to better protect their networks.
Download File (PDF, 652.82 KB)
View all publications

Contact Us

For questions or comments, email NRMC@hq.dhs.gov.