Paulsen, C.
, Boyens, J.
, Bartol, N.
and Winkler, K.
(2018),
Criticality Analysis Process Model, NIST Interagency/Internal Report (NISTIR), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.IR.8179
(Accessed April 25, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Criticality Analysis Process Model
Published
Author(s)
, , Nadya Bartol, Kris Winkler
Abstract
In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the missions that they support. However, in the world of finite resources, it is not possible to apply equal protection to all assets. This publication describes a comprehensive Criticality Analysis Process Model -- a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss may present to those goals. A criticality analysis can help organizations identify and better understand the systems, subsystems, components, and subcomponents that are most essential to their operations and the environment in which they operate. That understanding facilitates better decision making related to the management of an organization's information assets, including information security and privacy risk management, project management, acquisition, maintenance, and upgrade decisions. The Model is structured to logically follow how organizations design and implement projects and systems, can be used as a component of a holistic and comprehensive risk management approach that considers all risks, and can be used with a variety of risk management standards and guidelines.Citation
NIST Interagency/Internal Report (NISTIR) - 8179
Report Number
8179
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
Baseline criticality, criticality, criticality analysis, critical components, critical programs, critical systems, information security, prioritizing components, prioritizing programs, prioritizing systems, prioritization, privacy.
Citation
Created April 9, 2018, Updated November 10, 2018