Tech

NIST revises flagship cyber resiliency guidance

The revised controls are mapped to MITRE's ATT&CK threat framework.

August 5, 2021

BOULDER, CO - OCTOBER 9: The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) building is seen October 9, 2012 in Boulder, Colorado. David J. Wineland, a physicist at NIST, won the 2012 Nobel Prize in Physics for "ground-breaking experimental methods that enable measuring and manipulation of individual quantum systems." Wineland has worked at NIST for 37 years and is internationally recognized for his research on trapped ions. (Photo by Dana Romanoff/Getty Images)

The National Institute of Standards and Technology released the first-ever revision to its flagship cyber resiliency guidance with updated controls and a single threat taxonomy Thursday.

NIST updated Special Publication (SP) 800-160 Vol. 2 to align cyber resilience controls with SP 800-53 Rev. 5 security and privacy controls for agencies’ and industry’s IT systems, as well as map it to MITRE’s ATT&CK threat framework.

A product of the NIST Systems Security Engineering initiative, the guidance reflects the latest cyber resiliency implementation approaches for engineers to address known hacker tactics laid out in the ATT&CK framework.

“The goal of the NIST Systems Security Engineering initiative is to address security, safety and resiliency issues from the perspective of stakeholder requirements and protection needs, using established engineering processes to ensure that those requirements and needs are addressed across the entire system life cycle to develop more trustworthy systems,” reads the revised guidance.

Cyber resiliency engineers design and maintain systems that anticipate, withstand, recover from and adapt to stresses, attacks and compromises — thereby reducing risk to agencies.

The guidance provides a cyber resiliency engineering framework complete with a tailorable analysis agencies can use to determine whether a system of theirs, no matter how old, is at risk of being compromised by advanced persistent threats.

Technical appendices supplement that framework with:

background and contextual information on cyber resiliency;
detailed descriptions of goals, objectives, techniques, implementation approaches, and design principles;
mutually beneficial controls in corresponding the SP 800-53; and
language used to describe the effects of current threat mitigations.

NIST revises flagship cyber resiliency guidance

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

Scientists must be empowered — not replaced — by AI, report to White House argues

Top Stories

DOJ seeks public input on AI use in criminal justice system

GSA taps Login.gov deputy director to take top role next month

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

Oracle approved to handle government secret-level data

More Scoops

Cybersecurity executive order requirements are nearly complete, GAO says

Department of Commerce announces US, UK AI safety partnership

MITRE launches lab to test federal government AI risks

NSF, NIST appropriations cuts met with disappointment as Biden seeks increases

Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

Bipartisan Senate proposal calls for AI workforce framework from NIST

New legislation would give NIST drone cybersecurity responsibilities

Latest Podcasts

NIST revises flagship cyber resiliency guidance

Scientists Must Be Empowered, Not Replaced by AI

Leveraging modern access management to achieve zero trust

The role of the federal chief AI officer

Tech

Defense

Cyber

Acquisition