NIST unveils ‘flexible’ second draft for agency cybersecurity


May 5, 2016

No two agencies are exactly alike, nor are cyber threats all the same — that’s why the National Institute of Standards and Technology’s latest version of system security guidance can be adjusted for fit.

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems — NIST Special Publication 800-160 — is a guide to help agencies and organizations assign value to their assets and choose the set of tools that works best to secure their systems.

“This publication is designed to be extremely flexible in its application to meet the diverse needs of organizations,” the document states. “It is not intended to provide a specific recipe for execution — rather, it is a catalog or handbook for achieving the identified security outcomes of each systems engineering process, leaving it to the experience and expertise of the engineering organization to determine what is correct for their purpose. Organizations choosing to use this guidance for their systems security engineering efforts can select and employ some or all of the thirty ISO/IEC/IEEE 15288 processes and some or all of the security‐related activities and tasks defined for each process.”
