What document is associated with managing information security risk according to NIST?

Enhance your CompTIA Security+ exam readiness with flashcards and multiple-choice questions, including hints and detailed explanations. Prepare effectively for a successful exam experience!

The document associated with managing information security risk according to NIST is NIST SP 800-39. This publication provides a comprehensive framework for the risk management process and emphasizes the importance of a consistent and systematic approach to managing information security risk across the organization. It focuses on integrating risk management into the organization's overall governance framework and highlights the need for continuous monitoring and improvement.

The 800-39 document outlines a structured approach to risk management, including the identification of risks, the assessment of risk, and the implementation of measures to mitigate those risks. By providing guidelines and best practices for organizations to follow, it serves as a critical resource for establishing and maintaining effective risk management strategies.

In contrast, SP 800-37 relates to the risk management framework for federal information systems, and SP 800-30 offers guidance on conducting risk assessments. NIST SP 800-39 uniquely emphasizes the holistic approach to managing risks in information security, making it the right choice in this context.
