virtual graphic of shield with check mark

Risk Management

Leveraging sector and stakeholder expertise to reduce the most significant risks to the nation.

Overview

In today’s highly connected world, organizations all face more diverse, sophisticated threats—cyber, physical, technological, or natural—that have cross-sector impacts. The evolving risk landscape necessitates an evolved response. 

Risk Management is the process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding, transferring, or mitigating it to an acceptable level considering associated costs and benefits of any actions taken. Effective risk management improves the quality of decision making. While risk cannot always be eliminated, actions can be taken to mitigate risk.

graphic of city skyline and connected network icons

National Risk Management Center

The National Risk Management Center - A critical infrastructure community empowered by actionable risk analysis.

NRMC

CISA's Role

CISA’s National Risk Management Center (NRMC) works with government and industry to identify, analyze, prioritize, and manage the most significant strategic risks to the nation’s 16 critical infrastructure sectors. Since the nation’s critical infrastructure is largely owned and operated by the private sector, managing risk is shared priority. The NRMC facilitates collaboration, coordination and analysis across the private sector, government agencies, and key stakeholders to ensure critical infrastructure is secure and resilient now and in the future.

Featured Content

Secure Tomorrow Series Toolkit

The Toolkit provides a powerful means of increasing risk awareness, identifying risk mitigation solutions, and encouraging systems-level thinking and long-term planning.

National Critical Functions

Functions of government and the private sector so vital to the U.S. that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination the

ICT Supply Chain Risk Management Task Force

A public-private partnership charged to identify and develop consensus risk management strategies to enhance global ICT supply chain security

Space Systems Initiative

CISA works with public and private sector partners to advance space system security and resilience by identifying and assessing risks and expanding industry and international partnerships to ensure the responsible use of space.

Risk Management Resources

View all publications

Secure by Design Alert: Eliminating Buffer Overflow Vulnerabilities

FEB 12, 2025 | FACT SHEET, PUBLICATION
This Secure by Design Alert is part of an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle.
Download File (PDF, 521.92 KB)

Guidance and Strategies to Protect Network Edge Devices

FEB 04, 2025 | EXTERNAL, PUBLICATION
View Files

Mobile Communications Best Practice Guidance

DEC 18, 2024 | PUBLICATION
Download File (PDF, 381.52 KB)

Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers

OCT 24, 2024 | PUBLICATION
This guidance aids software manufacturers in implementing a safe software deployment process with robust testing and measurement components.
Download File (PDF, 777.72 KB)
View all publications

Contact Us

For questions or comments, email NRMC@hq.dhs.gov.