The National Institute of Standards and Technology (NIST) will be releasing the second volume of an engineering-based guidance that aims at assisting organizations with Advanced Persistent Threats (APT) on September 5, 2019.
Speaking at the 930Gov Conference in D.C. today, NIST Fellow Ron Ross, Ph.D., spoke about the final draft of the multidimensional protection strategy – which will likely undergo a 30-45 day review process and seek public comments – and is billed as a guidance that is centered around cyber resiliency, he said.
Dr. Ross compared Volume 2 of Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems to giving vulnerable systems an immune system to defend against cyber threats.
“This is giving those brittle, vulnerable systems today, an immune system. Volume 2 is a guidance that allows a system to operate more like a human body,” Dr. Ross said.
Volume 1 of this guidance was released back in 2016, while the initial draft of Volume 2 was published in March 2018. The two communities of interest the draft aims to target are:
- Organizations developing new IT component products, systems, and services; and
- Organizations with legacy systems carrying out day-to-day missions and functions.
“[The systems engineers and enterprise security and risk management professionals] can apply the guidance and cyber resiliency considerations to help ensure that the component products, systems, and services that they need, plan to provide, or have already deployed, can survive when confronted by the APT,” the Volume 2 draft guidance says.