Date Published: July 2017
Comments Due:
Email Questions to:
Author(s)
Celia Paulsen (NIST), Jon Boyens (NIST), Nadya Bartol (Boston Consulting Group), Kris Winkler (Boston Consulting Group)
Announcement
NIST is seeking comments on NIST IR 8179, Criticality Analysis Process Model. This publication describes a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss may present to those goals.
In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the missions that they support. However, in the world of finite resources, it is not possible to apply equal protection to all assets. This publication describes a comprehensive Criticality Analysis Process Model – a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss may present to those goals. A criticality analysis can help organizations identify and better understand the systems, subsystems, components and subcomponents that are most essential to their operations and the environment in which they operate. That understanding facilitates better decision making related to the management of an organization’s information assets, including information security risk management, project management, acquisition, maintenance, and upgrade decisions. The Model is structured to logically follow how organizations design and implement projects and systems, can be used as a component of a holistic and comprehensive risk management approach that considers all risks, and can be used with a variety of risk management standards and guidelines.
In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the missions that they support. However, in the world...
See full abstract
In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the missions that they support. However, in the world of finite resources, it is not possible to apply equal protection to all assets. This publication describes a comprehensive Criticality Analysis Process Model – a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss may present to those goals. A criticality analysis can help organizations identify and better understand the systems, subsystems, components and subcomponents that are most essential to their operations and the environment in which they operate. That understanding facilitates better decision making related to the management of an organization’s information assets, including information security risk management, project management, acquisition, maintenance, and upgrade decisions. The Model is structured to logically follow how organizations design and implement projects and systems, can be used as a component of a holistic and comprehensive risk management approach that considers all risks, and can be used with a variety of risk management standards and guidelines.
Hide full abstract
Keywords
criticality analysis; critical components; critical programs; critical systems; information security; prioritizing components; prioritizing programs; prioritizing systems; prioritization; criticality; baseline criticality
Control Families
Incident Response; Maintenance; Planning; Program Management; Risk Assessment; System and Services Acquisition; System and Information Integrity