The National Institute of Standards and Technology (NIST) recently published a draft special publication titled Systems Security Engineering: Resiliency Considerations for the Engineering of Trustworthy Secure Systems (Volume 2), which provides guidance to professionals responsible for the activities and tasks related to the system life cycle processes in NIST’s flagship publication, NIST Special Publication 800-160 Volume 1 (Volume 1). Volume 2 is the first in a series of systems security engineering publications supplementing Volume 1, and describes how to apply cyber resiliency concepts, constructs, and engineering practices, as part of systems security engineering.
Volume 1 built upon well-established international standards for systems and software engineering to describe the actions necessary to develop more defensible and survivable systems. Volume 2 describes cyber resiliency principles that organizations can select and apply to their own systems based on the organization’s threat environment. These principles help organizations address certain types of advanced cyber-threats that have the capability to breach critical systems, establish a presence within those systems often undetected, and inflict immediate and long-term damage to economic and security interests. Among other things, developers could look to the draft publication for guidance on how to increase the security of older legacy systems in order to limit potential hackers’ access in the event of a data breach. NIST is accepting public comments until May 18, 2018.