NIST developing new guidance on identifying critical parts of a system

Published: Wednesday, 12 July 2017 10:05

The US National Institute of Standards and Technology (NIST) is requesting comments on a new technical document which will help organizations perform a step-by-step analysis to identify those critical parts of a system that must not fail or be compromised if the system is to successfully support the organization’s mission.

The document, NIST Interagency Report (NISTIR) 8179, Criticality Analysis Process Model, builds on previous NIST guidance such as Special Publication (SP) 800-53 Rev. 4, SP 800-160, and SP 800-161, which emphasized the importance of identifying the critical points in a system, but did not provide a method for doing so.

“This draft report shows people how to perform a criticality analysis that's tailored to their organization,” said NIST cybersecurity expert Jon Boyens, who coauthored the report with his colleague Celia Paulsen. “Each agency will have its own situation. We are developing this for the government, but we want it to be friendly and useful for the private sector.”

Criticality analysis is not only essential to determining high-value assets, it also eliminates debate over ‘return on investment’ in favor of engineering systems that are resilient.

Read the draft guidance (PDF). Details about how to comment are included in the document.