[oagitm] NIST Revises Guidance for Developing Cyber-Resilient Systems
- From: "MASSE THERESA" <dmarc-noreply@xxxxxxxxxxxxx> ("theresa.masse")
- To: "oagitm@xxxxxxxxxxxxx" <oagitm@xxxxxxxxxxxxx>
- Date: Thu, 9 Dec 2021 16:14:18 +0000
FYSA
<https://content.govdelivery.com/attachments/fancy_images/USNIST/2019/04/2487463/2805250/nist_crop.png>
View As Web
Page<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NvbnRlbnQuZ292ZGVsaXZlcnkuY29tL2FjY291bnRzL1VTTklTVC9idWxsZXRpbnMvMmZmYjQ4NSJ9.sewrQCXUFne1SnhNKX1t7o8AdFHU7bLCAwp5CedDDwE/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1Jkii1yJU$>
<https://content.govdelivery.com/attachments/fancy_images/USNIST/2019/09/2800392/cyber-header_original.png>
NIST Cybersecurity and Privacy Program
Developing Cyber-Resilient Systems: A Systems Security Engineering Approach:
NIST Publishes SP 800-160 Vol. 2, Revision 1
NIST announces the release of a major update to Special Publication (SP)
800-160 Volume 2, Revision 1, Developing Cyber-Resilient Systems: A Systems
Security Engineering
Approach<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDEsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NzcmMubmlzdC5nb3YvcHVibGljYXRpb25zL2RldGFpbC9zcC84MDAtMTYwL3ZvbC0yLXJldi0xL2ZpbmFsIn0.7NBfkX5tASq3n3LkuBKJ0zc4TIgbWziwDz9gy8_yriE/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1JFfi_gO4$>.
The guidance helps organizations anticipate, withstand, recover from, and
adapt to adverse conditions, stresses, and compromises on systems - including
hostile and increasingly destructive cyber-attacks from nation-states, criminal
gangs, and disgruntled individuals.
This update to NIST's flagship cyber resiliency publication offers significant
new content and support tools for organizations to defend against
cyber-attacks. The document suggests how to limit the damage that adversaries
can inflict by impeding their lateral movement, increasing their work factor,
and reducing their time on target. In particular, SP 800-160, Volume 2,
Revision 1:
* Updates the controls that support cyber resiliency to be consistent
with SP 800-53, Revision 5
* Standardizes a single threat taxonomy and framework
* Provides a detailed mapping and analysis of cyber resiliency
implementation approaches and supporting controls to the framework techniques,
mitigations, and candidate mitigations
The publication also adds a new appendix containing an analysis of the
potential effects of cyber resiliency on adversary tactics, techniques, and
procedures used to attack operational technologies, including industrial
control systems (ICS). The analysis shows how cyber resiliency approaches and
controls described in NIST guidance can be used to reduce the risks associated
with adversary actions that threaten ICSs and critical infrastructure sectors.
Read
More<https://urldefense.us/v3/__https:/lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDIsInVyaSI6ImJwMjpjbGljayIsImJ1bGxldGluX2lkIjoiMjAyMTEyMDkuNTAwMTg5NjEiLCJ1cmwiOiJodHRwczovL2NzcmMubmlzdC5nb3YvcHVibGljYXRpb25zL2RldGFpbC9zcC84MDAtMTYwL3ZvbC0yLXJldi0xL2ZpbmFsIn0.8I3GYLqoFlyX9bdN_OrX6SfuOTKiA806sQ7BlRfzd0Q/s/677563908/br/122669659576-l__;!!BClRuOV5cvtbuNI!Xxn9FUb5JTMF8n39SA_fBi8WTXz-k8N56k4gH-TbE8T1AuUbzZ0hUaatfv1JhkbeOKA$>
NIST Cybersecurity and Privacy Program
NIST Computer Security Division (CSD)
Questions/Comments about this notice:
security-engineering@xxxxxxxx<mailto:security-engineering@xxxxxxxx>
CSRC Website questions: webmaster-csrc@xxxxxxxx<mailto:webmaster-csrc@xxxxxxxx>
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@xxxxxxxxxxxx<mailto:theresa.masse@xxxxxxxxxxxx>
Other related posts:
- » [oagitm] NIST Revises Guidance for Developing Cyber-Resilient Systems - MASSE THERESA
