NIST Releases NIST Internal Report (NISTIR) 8179, Criticality Analysis Process Model: Prioritizing Systems and Components

NIST releases a publication that will help organizations to identify those systems and components that are most vital and which may need additional security or other protections. NIST Internal Report (NISTIR) 8179, Criticality Analysis Process Model: Prioritizing Systems and Components proposes a unique model, called the Criticality Analysis Process Model, which is based on existing methods and approaches but is tailored specifically to the needs of information security and privacy risk managers. Criticality Analysis is regularly called out as a best practice and is referenced in various risk management guidance; this publication provides guidance on how to conduct such an analysis and provides a needed tool for better managing risks. The Criticality Analysis Process Model is intended to be used as a component of a holistic and comprehensive risk management approach that considers all risks, including information security and privacy risks, to prioritize and tailor controls to those risks. The Model can be used with a variety of risk management standards and guidelines and in conjunction with systems and software engineering, project management, and auditing/attestation frameworks.