What NIST Pub superseded the original SP 800-30 as the primary source for guidance on risk management?


Multiple Choice

What NIST Pub superseded the original SP 800-30 as the primary source for guidance on risk management?

Explanation:
This question tests how NIST shifted risk guidance from a narrow focus on assessment to a broader, organization-wide approach. SP 800-39 introduces an enterprise-wide risk management framework that coordinates risk across the whole organization—its missions, business lines, and information systems—and ties risk decisions to the organization’s risk appetite and objectives. It sits alongside and integrates with other NIST guidance like the RMF (SP 800-37) and security controls (SP 800-53), making it the go-to resource for overall risk management. Because of that broader scope, SP 800-39 supersedes SP 800-30 as the primary source for risk management guidance. The other publications serve different purposes: SP 800-30 is about risk assessment, SP 800-53 covers controls, and SP 800-61 focuses on incident handling.

