Currently most agencies manage risk using a tactical, system-by-system approach. The new framework would use a three-tiered risk management approach that would move from organization to missions to information systems.

NIST hopes the new approach will allow senior leaders and executives to strategically manage risks.

This story is part of Federal News Radio's daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.