NIST seeks comments on revisions to cyber resilience guidance
- Published: Tuesday, 10 August 2021 08:05
Draft NIST Special Publication (SP) 800-160, Volume 2, Revision 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, turns the traditional perimeter defense / defence strategy on its head and moves organizations toward a cyber resiliency strategy that facilitates defending systems from the inside out instead of from the outside in.
This new guidance helps organizations anticipate, withstand, recover from, and adapt to adverse conditions, stresses, or compromises on systems – including hostile and increasingly destructive cyber attacks from nation states, criminal gangs, and disgruntled individuals.
This major update to NIST’s flagship cyber resiliency publication offers significant new content and support tools for organizations to defend against cyber attacks, including ransomware attacks. The document provides suggestions on how to limit the damage that adversaries can inflict by impeding their lateral movement, increasing their work factor, and reducing their time on target.
The draft publication:
- Updates the controls that support cyber resiliency to be consistent with NIST SP 800-53, Revision 5
- Standardizes a single threat taxonomy
- Provides a detailed mapping and analysis of cyber resiliency implementation approaches and supporting NIST SP 800-53 controls to the ATT&CK framework techniques, mitigations, and candidate mitigations.
The public comment period is open through September 20, 2021. Cick here for a copy of the draft and instructions for submitting comments.