Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Cybersecurity & Infrastructure Security Agency
America's Cyber Defense Agency

Search

 
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help Locally
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
    Work @ CISA
  • About
    Culture
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Contact Us
    Site Links
    Reporting Employee and Contractor Misconduct
    CISA GitHub
Report a Cyber Issue
America's Cyber Defense Agency
Breadcrumb
  1. Home
  2. Topics
Share:
Image with cyber lock icon inside.

Risk Management

CISA leverages sector and stakeholder expertise to identify the most significant risks to the nation and to coordinate risk reduction activities.

Risk Management

  • 5G Security and Resilience
  • Electromagnetic Pulse and Geomagnetic Disturbance
  • Federal Facility Security
  • National Critical Functions
  • Pipeline Cybersecurity
  • Positioning, Navigation, and Timing
  • Secure Tomorrow Series
  • Coronavirus

Overview

In today’s digitizing world, as organizations are increasingly integrating cyber systems into their operations, they are also facing more diverse, sophisticated threats— cyber, physical, technological, or natural—that may have cross-sector impacts. The evolving risk landscape necessitates an evolved response. 

Risk Management is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or controlling it to an acceptable level considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. While risk often cannot be eliminated, actions can usually be taken to control risk. 

CISA’s Role

CISA works with government and industry to identify, analyze, prioritize, and manage the most significant strategic risks to the nation’s critical infrastructure. Since the nation’s critical infrastructure is largely owned and operated by the private sector, managing risk is shared priority. CISA creates an environment where the private sector, government agencies, and key stakeholders can collaborate, share expertise, and coordinate risk reduction activities to ensure critical infrastructure is secure and resilient now and into the future. 

Featured Content

Secure Tomorrow Series Toolkit

The Toolkit provides a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning.

National Critical Functions

Functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination the

ICT Supply Chain Risk Management Task Force

A public-private partnership charged to identify and develop consensus risk management strategies to enhance global ICT supply chain security

Related News

Discover the latest CISA news on risk management. 

CISA Releases New Insight on Preparing Critical Infrastructure for the Transition to Post-Quantum Cryptography

Provides critical infrastructure and government network owners and operators an overview of the potential impacts from quantum computing to National Critical Functions (NCFs) and the recommended actions they should take now to begin preparing.

Secure Tomorrow Series Toolkit: Using Strategic Foresight to Prepare for the Future

The Secure Tomorrow Series is a unique platform that brings together SMEs, thought leaders, and others from academia, think tanks, the private sector, and National Labs to think proactively about future risks.

ICT Supply Chain Risk Management Task Force Announces new members and Working Group

Government and industry members of the Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force gathered today to announce new members and map out the Task Force’s 2022 workplan.

Risk Management Resources

View all publications

Securing Small and Medium-Sized Business (SMB) Supply Chains: A Resource Handbook to Reduce Information and Communication Technology Risks

JAN 26, 2023 | PUBLICATION
This handbook provides an overview of the highest supply chain risk categories commonly faced by ICT small and medium-sized businesses (SMBs), including cyber risks, and resources that can assist SMBs.
Download File (PDF, 580.12 KB)

Preparing Critical Infrastructure for Post-Quantum Cryptography

AUG 24, 2022 | ALERT
This guide provides critical infrastructure and government network owners and operators an overview of potential impacts from quantum computing to National Critical Functions (NCFs) and the suggested mitigation actions.

National Critical Functions Set

To maintain our national safety, the security and effectiveness of these critical functions must remain a top priority.
View all publications

Contact Us

For questions or comments, email NRMC@hq.dhs.gov.

Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 888-282-0870 Central@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Accessibility
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • The White House
  • USA.gov
  • Website Feedback