Date Published: August 2021
Comments Due: September 20, 2021 (public comment period is CLOSED)
Email Questions to: security-engineering@nist.gov
, , , ,
Cyber attacks are a reality. Sometimes even with the best protective measures in place, adversaries can breach perimeter defenses and find their way into systems.
Draft NIST Special Publication (SP) 800-160, Volume 2, Revision 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, turns the traditional perimeter defense strategy on its head and moves organizations toward a cyber resiliency strategy that facilitates defending systems from the inside out instead of from the outside in. This guidance helps organizations anticipate, withstand, recover from, and adapt to adverse conditions, stresses, or compromises on systems – including hostile and increasingly destructive cyber attacks from nation states, criminal gangs, and disgruntled individuals.
This major update to NIST’s flagship cyber resiliency publication offers significant new content and support tools for organizations to defend against cyber attacks, including ever-growing and destructive ransomware attacks. The document provides suggestions on how to limit the damage that adversaries can inflict by impeding their lateral movement, increasing their work factor, and reducing their time on target.
In particular, the draft publication:
NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
None selected
Publication:
SP 800-160 Vol. 2 Rev. 1 (Draft) (DOI)
Local Download
Supplemental Material:
Systems Security Engineering (SSE) Project (web)
Document History:
08/05/21: SP 800-160 Vol. 2 Rev. 1 (Draft)
12/09/21: SP 800-160 Vol. 2 Rev. 1 (Final)
Security and Privacy
advanced persistent threats; resilience; risk assessment