U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

Secure websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to our website. Please do not share sensitive information with us.

Developing Cyber-Resilient Systems: A Systems Security Engineering Approach: NIST Publishes SP 800-160 Vol. 2, Revision 1
December 09, 2021

NIST announces the release of a major update to Special Publication (SP) 800-160 Volume 2, Revision 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach. The guidance helps organizations anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and compromises on systems – including hostile and increasingly destructive cyber-attacks from nation-states, criminal gangs, and disgruntled individuals.

This update to NIST’s flagship cyber resiliency publication offers significant new content and support tools for organizations to defend against cyber-attacks. The document suggests how to limit the damage that adversaries can inflict by impeding their lateral movement, increasing their work factor, and reducing their time on target. In particular, SP 800-160, Volume 2, Revision 1:

  • Updates the controls that support cyber resiliency to be consistent with SP 800-53, Revision 5
  • Standardizes a single threat taxonomy and framework
  • Provides a detailed mapping and analysis of cyber resiliency implementation approaches and supporting controls to the framework techniques, mitigations, and candidate mitigations

The publication also adds a new appendix containing an analysis of the potential effects of cyber resiliency on adversary tactics, techniques, and procedures used to attack operational technologies, including industrial control systems (ICS). The analysis shows how cyber resiliency approaches and controls described in NIST guidance can be used to reduce the risks associated with adversary actions that threaten ICSs and critical infrastructure sectors.

Related Topics

Security and Privacy: advanced persistent threats, resilience, risk assessment

Created December 09, 2021