NIST Releases a Major Update to Special Publication (SP) 800-160, Volume 2

December 13, 2021 - NIST Special Publication (SP) 800-160, Volume 2, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with systems security engineering and resilience engineering to develop survivable, trustworthy secure systems.

NIST’s flagship cyber resiliency publication should be viewed as a handbook for achieving the identified cyber resiliency outcomes based on a systems engineering perspective on system life cycle and risk management processes. This update offers significant new content and support tools for organizations to defend against cyber-attacks. The document provides suggestions on how to limit the damage that adversaries can inflict by impeding their lateral movement, increasing their work factor, and reducing their time on target. Specifically,

  • Updates the controls that support cyber resiliency to be consistent with SP 800-53, Revision 5

  • Standardizes a single threat taxonomy and framework

  • Provides a detailed mapping and analysis of cyber resiliency implementation approaches and supporting controls to the framework techniques, mitigations, and candidate mitigations

More on the updates can be obtained from NIST at this link.