NIST unveils new approach to risk management: The National Institute of Standards and Technology unveiled a new approach to how federal agencies and their contractors manage information security risk. Currently most agencies manage risk using a tactical, system-by-system approach. The new framework would use a three-tiered risk management approach that would move from organization to missions to information systems.