NIST has announced the release of NIST Special Publication (SP) 800-160 Volume 2, Developing Cyber Resilient Systems: A Systems Engineering Approach, which is the first in a series of specialty publications developed to support NIST SP 800-160 Volume 1.
The new document provides a handbook for achieving cyber resiliency outcomes based on a systems engineering perspective on system life cycle processes in conjunction with risk management processes.
Organisations can select, adapt, and use some or all of the cyber resiliency constructs described in this publication and apply the constructs to the technical, operational, and threat environments for which systems need to be engineered.
The system life cycle processes and cyber resiliency constructs can be used for new systems, system upgrades, or repurposed systems; can be employed at any stage of the system life cycle; and can take advantage of any system or software development methodology including, for example, waterfall, spiral, or agile.
The processes and associated cyber resiliency constructs can also be applied recursively, iteratively, concurrently, sequentially, or in parallel and to any system regardless of its size, complexity, purpose, scope, environment of operation, or special nature.
GRC Services has always advocated “security by design”. This guide will help in achieving that goal. You can obtain the document here.