Monthly Archives: August 2022

Cyber Resiliency Engineering Framework

Cyber resiliency engineering intends to architect, design, develop, implement, maintain, and sustain the trustworthiness of systems with the capability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources. From a risk management perspective, cyber resiliency is intended to help reduce the mission, business, organizational, enterprise, or sector risk of depending on cyber resources.

NIST has published Special Publication (SP) 800-160 Volume 2, Revision 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach. It presents a cyber resiliency engineering framework to aid in understanding and applying cyber resiliency, a concept of use for the framework, and the engineering considerations for implementing cyber resiliency in the system life cycle. The framework constructs include goals, objectives, techniques, implementation approaches, and design principles. Organizations can select, adapt, and use some or all of the cyber resiliency constructs in this publication and apply the constructs to the technical, operational, and threat environments for which systems need to be engineered.

The guidance helps organizations anticipate, withstand, recover from, and adapt to adverse conditions, stresses, and compromises on systems – including hostile and increasingly destructive cyber-attacks from nation-states, criminal gangs, and disgruntled individuals.

Sources:

https://csrc.nist.gov/News/2021/revised-guidance-for-developing-cyber-resiliency
https://csrc.nist.gov/publications/detail/sp/800-160/vol-2-rev-1/final
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-160v2r1.pdf