The National Institute of Standards and Technology (NIST) has released the initial public draft of NIST Special Publication 800-160 Volume 2, Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems, which provides guidelines to help organizations address Advanced Persistent Threats (APT). APTs are threats to IT infrastructure of targeted organizations, orchestrated for purposes of exfiltrating information, undermining, or impeding critical aspects of a mission, program, or organization. This publication is intended to be used in conjunction with NIST Special Publication 800-160 Volume 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, an update to SP 800-160 which is also being released today.
Draft Special Publication 800-160 Volume 2 can be viewed as a handbook for achieving cyber resiliency, which is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cybersecurity resources. Organizations can select, adapt, and use some or all of the cyber resiliency constructs described in this publication and apply them to the technical, operational, and threat environments for which systems need to be engineered.
CSRC Update: https://csrc.nist.gov/news/2018/draft-sp-800-160-vol-2-released
Publication Details: https://csrc.nist.gov/publications/detail/sp/800-160/vol-2/draft