Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Developing Cyber Resilient Systems: A Systems Security Engineering Approach

Published

Author(s)

Ronald S. Ross, Victoria Y. Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid

Abstract

This publication is used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering--Systems life cycle processes, NIST Special Publication 800-160, Volume 1, Systems Security Engineering--Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, and NIST Special Publication 800-37, Risk Management Framework for Information Systems and Organizations--A System Life Cycle Approach for Security and Privacy. It can be viewed as a handbook for achieving the identified cyber resiliency outcomes based on a systems engineering perspective on system life cycle processes in conjunction with risk management processes, allowing the experience and expertise of the organization to help determine what is correct for its purpose. Organizations can select, adapt, and use some or all of the cyber resiliency constructs (i.e., objectives, techniques, approaches, and design principles) described in this publication and apply the constructs to the technical, operational, and threat environments for which systems need to be engineered. The system life cycle processes and cyber resiliency constructs can be used for new systems, system upgrades, or repurposed systems; can be employed at any stage of the system life cycle; and can take advantage of any system or software development methodology including, for example, waterfall, spiral, or agile. The processes and associated cyber resiliency constructs can also be applied recursively, iteratively, concurrently, sequentially, or in parallel and to any system regardless of its size, complexity, purpose, scope, environment of operation, or special nature.
Citation
Special Publication (NIST SP) - 800-160 Vol. 2
Report Number
800-160 Vol. 2

Keywords

Advanced persistent threat, controls, cyber resiliency, cyber resiliency approaches, cyber resiliency design principles, cyber resiliency engineering framework, cyber resiliency goals, cyber resiliency objectives, cyber resiliency techniques, risk management strategy, system life cycle, systems security engineering, trustworthy.

Citation

Ross, R. , Pillitteri, V. , Graubart, R. , Bodeau, D. and McQuaid, R. (2019), Developing Cyber Resilient Systems: A Systems Security Engineering Approach, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-160v2 (Accessed August 2, 2021)
Created November 27, 2019, Updated January 27, 2020