The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for system engineers, adding more insight for engineers and programmers on mitigating system vulnerabilities.
The guidance, titled “Engineering Trustworthy Secure Systems,” is a resource for computer engineers and other professionals on the programming side of cybersecurity efforts. The guidance stems from President Biden’s 2021 cyber executive order to boost the Federal government’s cyber posture in the wake of several large-scale attacks on critical infrastructure.
Overall, the guidance addresses the engineering-driven perspective and actions necessary to develop more secure and survivable systems.
In the new update, NIST researchers offer an overview of the objectives and concepts of modern security systems, primarily regarding the protection of a system’s digital assets.
One of the critical updates to the guidelines is a renewed emphasis on security assurances. In software systems engineering, system assurances act as justifications that a security system can operate effectively.
“There are three general approaches to assurance [and they] vary based on the type of evidence, how it is acquired, the strength of the judgments made based on the evidence, and the extent to which the assurance matches decision-making needs,” reads the report.
Additionally, new updates to the guidelines investigate the fundamental elements of building trustworthy secure design systems that hinge on the proactive elimination or mitigation of vulnerabilities.
“Building trustworthy, secure systems … requires a holistic approach to protection, broad-based thinking across all assets where loss could occur, and an understanding of adversity, including how adversaries attack and compromise systems,” the report states.