NIST asks for comments on new cyber resilience guidance
- Published: Monday, 09 September 2019 14:07
The US NIST is seeking comments on the Final Public Draft of NIST Special Publication (SP) 800-160 Volume 2, Developing Cyber Resilient Systems: A Systems Security Engineering Approach.
The public comment period closes on November 1, 2019.
Draft NIST SP 800-160, Volume 2 presents the cyber resiliency engineering framework (conceptual framework) for understanding and applying cyber resiliency, which NIST says is ‘a concept of use for the conceptual framework, and specific engineering considerations for implementing cyber resiliency in the system life cycle’.
Draft NIST SP 800-160, Volume 2, also identifies considerations for determining which cyber resiliency constructs are most relevant to a system-of-interest and a tailorable cyber resiliency analysis process to apply the selected cyber resiliency concepts, constructs, and practices to a system. The cyber resiliency analysis ‘is intended to determine whether the cyber resiliency properties and behaviors of a system-of-interest, wherever it is in the life cycle, are sufficient for the organization using that system to meet its mission assurance, business continuity, or other security requirements’.
This publication is designed for use in conjunction with NIST SP 800-160 Volume 1, ‘Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems” and NIST SP 800-37, ‘Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.’