[CDP-development] NIST Revises Guidance for Developing Cyber-Resilient Systems

Thu Dec 9 08:15:32 PST 2021

FYSA

[NIST]

View As Web Page<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NvbnRlbnQuZ292ZGVsaXZlcnkuY29tL2FjY291bnRzL1VTTklTVC9idWxsZXRpbnMvMmZmYjQ4NSJ9.sewrQCXUFne1SnhNKX1t7o8AdFHU7bLCAwp5CedDDwE/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1Jkii1yJU$>
[Header]
NIST Cybersecurity and Privacy Program
Developing Cyber-Resilient Systems: A Systems Security Engineering Approach: NIST Publishes SP 800-160 Vol. 2, Revision 1

NIST announces the release of a major update to Special Publication (SP) 800-160 Volume 2, Revision 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NzcmMubmlzdC5nb3YvcHVibGljYXRpb25zL2RldGFpbC9zcC84MDAtMTYwL3ZvbC0yLXJldi0xL2ZpbmFsIn0.7NBfkX5tASq3n3LkuBKJ0zc4TIgbWziwDz9gy8_yriE/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1JFfi_gO4$>. The guidance helps organizations anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and compromises on systems - including hostile and increasingly destructive cyber-attacks from nation-states, criminal gangs, and disgruntled individuals.

This update to NIST's flagship cyber resiliency publication offers significant new content and support tools for organizations to defend against cyber-attacks. The document suggests how to limit the damage that adversaries can inflict by impeding their lateral movement, increasing their work factor, and reducing their time on target. In particular, SP 800-160, Volume 2, Revision 1:

  *   Updates the controls that support cyber resiliency to be consistent with SP 800-53, Revision 5
  *   Standardizes a single threat taxonomy and framework
  *   Provides a detailed mapping and analysis of cyber resiliency implementation approaches and supporting controls to the framework techniques, mitigations, and candidate mitigations

The publication also adds a new appendix containing an analysis of the potential effects of cyber resiliency on adversary tactics, techniques, and procedures used to attack operational technologies, including industrial control systems (ICS). The analysis shows how cyber resiliency approaches and controls described in NIST guidance can be used to reduce the risks associated with adversary actions that threaten ICSs and critical infrastructure sectors.

Read More<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NzcmMubmlzdC5nb3YvcHVibGljYXRpb25zL2RldGFpbC9zcC84MDAtMTYwL3ZvbC0yLXJldi0xL2ZpbmFsIn0.8I3GYLqoFlyX9bdN_OrX6SfuOTKiA806sQ7BlRfzd0Q/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1JhkbeOKA$>

NIST Cybersecurity and Privacy Program
NIST Computer Security Division (CSD)
Questions/Comments about this notice: security-engineering at nist.gov<mailto:security-engineering at nist.gov>
CSRC Website questions: webmaster-csrc at nist.gov<mailto:webmaster-csrc at nist.gov>

Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image002.png at 01D7ECD4.BE7576B0]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211209/6f3d4eae/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211209/6f3d4eae/attachment-0001.png>