<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<title>NIST Revises Guidance for Developing Cyber-Resilient Systems</title>
<style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
h1
{mso-style-priority:9;
mso-style-link:"Heading 1 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:24.0pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
h2
{mso-style-priority:9;
mso-style-link:"Heading 2 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:18.0pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
h3
{mso-style-priority:9;
mso-style-link:"Heading 3 Char";
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:13.5pt;
font-family:"Calibri",sans-serif;
font-weight:bold;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
span.Heading1Char
{mso-style-name:"Heading 1 Char";
mso-style-priority:9;
mso-style-link:"Heading 1";
font-family:"Calibri Light",sans-serif;
color:#2F5496;}
span.Heading2Char
{mso-style-name:"Heading 2 Char";
mso-style-priority:9;
mso-style-link:"Heading 2";
font-family:"Calibri Light",sans-serif;
color:#2F5496;}
span.Heading3Char
{mso-style-name:"Heading 3 Char";
mso-style-priority:9;
mso-style-link:"Heading 3";
font-family:"Calibri Light",sans-serif;
color:#1F3763;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:137461714;
mso-list-template-ids:-482069466;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1
{mso-list-id:1544057550;
mso-list-template-ids:978747830;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" style="border-collapse:collapse">
<tbody>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt"><a name="gd_top"></a></td>
<span style="mso-bookmark:gd_top"></span>
</tr>
</tbody>
</table>
<span style="mso-bookmark:gd_top"></span>
<p class="MsoNormal"><span lang="EN"><o:p> </o:p></span></p>
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%" id="yahoo">
<tbody>
<tr>
<td style="background:#F2F2F2;padding:0in 0in 0in 0in" id="columns-bg">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="600" style="width:6.25in;border-collapse:collapse">
<tbody>
<tr>
<td style="padding:0in 0in 0in 0in" id="left-column">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:white;border-collapse:collapse">
<tbody>
<tr>
<td style="background:black;padding:0in 0in 0in 0in">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr>
<td width="50%" valign="top" style="width:50.0%;padding:0in 0in 0in 0in">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" align="left" width="100%" style="width:100.0%;border-collapse:collapse;margin-left:-2.25pt;margin-right:-2.25pt">
<tbody>
<tr>
<td width="100%" style="width:100.0%;padding:7.5pt 11.25pt 7.5pt 11.25pt">
<p class="MsoNormal"><img width="107" height="32" style="width:1.118in;height:.3333in" id="_x0000_i1027" src="https://content.govdelivery.com/attachments/fancy_images/USNIST/2019/04/2487463/2805250/nist_crop.png" alt="NIST"><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</td>
<td width="50%" valign="top" style="width:50.0%;padding:0in 0in 0in 0in" id="right-column">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" align="left" width="100%" style="width:100.0%;border-collapse:collapse;margin-left:-2.25pt;margin-right:-2.25pt">
<tbody>
<tr>
<td width="100%" style="width:100.0%;padding:6.0pt 11.25pt 0in 11.25pt;-ms-word-break: break-all;word-break:break-word;-webkit-hyphens: none;-moz-hyphens: none;hyphens: none">
<p align="right" style="text-align:right"><span style="font-size:10.0pt;font-family:"Helvetica",sans-serif;color:#E8B40F"><a href="https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NvbnRlbnQuZ292ZGVsaXZlcnkuY29tL2FjY291bnRzL1VTTklTVC9idWxsZXRpbnMvMmZmYjQ4NSJ9.sewrQCXUFne1SnhNKX1t7o8AdFHU7bLCAwp5CedDDwE/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1Jkii1yJU$" target="_blank" title="View As Web Page"><span style="color:#E8B40F">View
As Web Page</span></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in" id="main-header">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr>
<td width="100%" style="width:100.0%;padding:0in 0in 0in 0in">
<p class="MsoNormal"><img border="0" width="600" height="154" style="width:6.25in;height:1.6041in" id="_x0000_i1026" src="https://content.govdelivery.com/attachments/fancy_images/USNIST/2019/09/2800392/cyber-header_original.png" alt="Header"><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in" id="main-date">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr>
<td width="100%" style="width:100.0%;background:#666666;padding:7.5pt 11.25pt 7.5pt 11.25pt">
<h1><span style="font-size:19.5pt;font-family:"Helvetica",sans-serif;color:white">NIST Cybersecurity and Privacy Program<o:p></o:p></span></h1>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in" id="main-body">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr>
<td width="100%" style="width:100.0%;padding:11.25pt 11.25pt 11.25pt 11.25pt">
<h2><span style="font-size:19.5pt;font-family:"Helvetica",sans-serif;color:black">Developing Cyber-Resilient Systems: A Systems Security Engineering Approach: NIST Publishes SP 800-160 Vol. 2, Revision 1<o:p></o:p></span></h2>
<p><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:black">NIST announces the release of a major update to Special Publication (SP) 800-160 Volume 2, Revision 1,
<em><span style="font-family:"Helvetica",sans-serif"><a href="https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NzcmMubmlzdC5nb3YvcHVibGljYXRpb25zL2RldGFpbC9zcC84MDAtMTYwL3ZvbC0yLXJldi0xL2ZpbmFsIn0.7NBfkX5tASq3n3LkuBKJ0zc4TIgbWziwDz9gy8_yriE/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1JFfi_gO4$"><span style="color:#1F89C1">Developing
Cyber-Resilient Systems: A Systems Security Engineering Approach</span></a></span></em>. The guidance helps organizations anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and compromises on systems – including hostile and increasingly
destructive cyber-attacks from nation-states, criminal gangs, and disgruntled individuals.<o:p></o:p></span></p>
<p><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:black">This update to NIST’s flagship cyber resiliency publication offers significant new content and support tools for organizations to defend against cyber-attacks. The document suggests
how to limit the damage that adversaries can inflict by impeding their lateral movement, increasing their work factor, and reducing their time on target. In particular, SP 800-160, Volume 2, Revision 1:<o:p></o:p></span></p>
<ul style="margin-top:0in" type="disc">
<li class="MsoNormal" style="color:black;margin-bottom:5.25pt;mso-list:l1 level1 lfo3">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Updates the controls that support cyber resiliency to be consistent with SP 800-53, Revision 5<o:p></o:p></span></li><li class="MsoNormal" style="color:black;margin-bottom:5.25pt;mso-list:l1 level1 lfo3">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Standardizes a single threat taxonomy and framework<o:p></o:p></span></li><li class="MsoNormal" style="color:black;margin-bottom:5.25pt;mso-list:l1 level1 lfo3">
<span style="font-size:10.5pt;font-family:"Helvetica",sans-serif">Provides a detailed mapping and analysis of cyber resiliency implementation approaches and supporting controls to the framework techniques, mitigations, and candidate mitigations<o:p></o:p></span></li></ul>
<p><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:black">The publication also adds a new appendix containing an analysis of the potential effects of cyber resiliency on adversary tactics, techniques, and procedures used to attack operational
technologies, including industrial control systems (ICS). The analysis shows how cyber resiliency approaches and controls described in NIST guidance can be used to reduce the risks associated with adversary actions that threaten ICSs and critical infrastructure
sectors. <o:p></o:p></span></p>
<h3 style="mso-margin-top-alt:15.0pt;margin-right:0in;margin-bottom:15.0pt;margin-left:0in">
<span style="font-size:13.0pt;font-family:"Helvetica",sans-serif;color:black"><a href="https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NzcmMubmlzdC5nb3YvcHVibGljYXRpb25zL2RldGFpbC9zcC84MDAtMTYwL3ZvbC0yLXJldi0xL2ZpbmFsIn0.8I3GYLqoFlyX9bdN_OrX6SfuOTKiA806sQ7BlRfzd0Q/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1JhkbeOKA$" target="_blank" title="Read More"><span style="color:white;border:solid #0076C2 6.0pt;padding:0in;background:#0076C2;text-decoration:none">Read
More</span></a><o:p></o:p></span></h3>
<p><span style="font-size:10.5pt;font-family:"Helvetica",sans-serif;color:black">NIST Cybersecurity and Privacy Program<br>
NIST Computer Security Division (CSD)<br>
Questions/Comments about this notice: <a href="mailto:security-engineering@nist.gov">
<span style="color:#1F89C1">security-engineering@nist.gov</span></a><br>
CSRC Website questions: <a href="mailto:webmaster-csrc@nist.gov"><span style="color:#1F89C1">webmaster-csrc@nist.gov</span></a><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
<tr>
<td style="padding:0in 0in 0in 0in" id="main-footer">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;border-collapse:collapse">
<tbody>
<tr>
<td width="100%" style="width:100.0%;padding:0in 0in 0in 0in"></td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<div id="mail_footer">
<p class="MsoNormal"><span lang="EN"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image002.png@01D7ECD4.BE7576B0"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="EN"><o:p> </o:p></span></p>
</div>
</body>
</html>