Skip to main content

US Federal Government

Agencies use RiskLens cyber risk quantification to not just comply with federal directives on risk management, but to guide security initiatives based on cost-benefit analysis.

Watch the Video

Agencies Can’t Manage What They Can’t Measure

Federal agencies struggle to achieve standards for risk such as FISMA’s Maturity Level 4 “Managed and Measurable”, and their FITARA scores suffer. Programs are overwhelmed with POA&M’s that aren’t prioritized by anything other than due date. Risk Portfolios are difficult to prioritize and impossible to aggregate. What’s the problem? Agencies can’t manage what they can’t measure. The solution: Cyber risk quantification with RiskLens.



Increasing Federal Focus on Cyber Risk Management
FISMA, EO 13800, OMB A-123, NIST 800-37 and the NIST CSF all require “risk-based” strategies that determine financial impact and likelihood of loss, with demonstrable cost-benefit analysis for risk management. But the standards don’t tell you how to get there.

Traditional Risk Analysis Methods Aren’t Working
Color-coding risks red-yellow-green or hitting a “maturity score” number based on NIST CSF controls – these are subjective, inconsistent or technical approaches to risk that don’t translate to financial terms. Most importantly, they aren’t making organizations more secure or more cost-effective as agencies struggle to prioritize limited budgets and resources. 

Risk Assessments Are a Missed Opportunity

Risk assessments just for the sake of compliance with federal directives don’t deliver any extra value beyond compliance. They lack any cost-benefit analysis that could focus compliance activities where they would reduce the most measurable risk – a true “risk-based” strategy.

Prioritize POA&Ms and Other Security Decisions

With a platform that’s fast, easy to use and scalable, RiskLens solves the critical issues that bog down many agency risk managers. Prioritize top risks and aggregate them to risk portfolios to coordinate cyber risk management with enterprise risk management (as required by OMB A-123). Prioritize your PO&AMs by sorting them based on probable loss exposure and cost-benefit analysis for mitigation. Identify NIST CSF activities to prioritize. And ultimately align to FISMA maturity level 4 “Managed and Measurable,” as well as a higher FITARA/FISMA component.

Drive Better Communication and Decision-Making

The RiskLens platform rapidly generates financially based risk reporting meaningful to a wide range of stakeholders. You’ll identify your agency’s top risks, overall risk exposure, risk trends over time, and run cost-benefit analysis at scale to determine which risk management activities provide the best return on investment (ROI) – all communicated in non-technical terms that can be clearly related to budget and mission objectives. Put risk management decisions in the hands of the business decision-makers.

Accelerate Risk Analysis, with the Methodology Referenced by NIST

RiskLens accelerates cyber risk analysis, making data collection, quantitative analysis and reporting faster, easier and scalable. But RiskLens is no “black box” – it implements Factor Analysis of Information Risk (FAIR), the methodology referenced in the NIST CSF and the NISTIR 8286 standard on cyber risk and enterprise risk management (the COSO Enterprise Risk Management Framework also references FAIR). With NIST standards at the heart of federal cybersecurity compliance activities, you can be confident that your risk management program will be in line with policies, now and going forward.

Case Study: Federal Agency Determines Cloud Migration Security with RiskLens

Discover how one federal agency used the RiskLens platform, with help from RiskLens services to clarify decisions around its cloud migration project.

Get the Insights

Accelerate Digital Growth.
Optimize Cybersecurity Investment Decisions.

Ask our team of cyber risk experts how we can help you quickly launch a FAIR™ standard CRQ program at your organization.


Insights from RiskLens

View All Insights

Case Study: Regional Financial Institution Communicates Disaster Exposure Using RiskLens

Read More

Introducing FAIR Analysis Training for US Government

Read More

Risk Quantification, the Business Lens for Your Security Operation

Read More