Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Developing Cyber-Resilient Systems: A Systems Security Engineering Approach



Ronald S. Ross, Victoria Yan Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid


NIST Special Publication (SP) 800-160, Volume 2, Revision 1, focuses on cyber resiliency engineering—an emerging specialty systems engineering discipline applied in conjunction with systems security engineering and resilience engineering to develop survivable, trustworthy secure systems. Cyber resiliency engineering intends to architect, design, develop, implement, maintain, and sustain the trustworthiness of systems with the capability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises that use or are enabled by cyber resources. From a risk management perspective, cyber resiliency is intended to help reduce the mission, business, organizational, enterprise or sector risk of depending on cyber resources. This publication can be used in conjunction with ISO/IEC/IEEE 15288:2015, Systems and software engineering—Systems life cycle processes, NIST Special Publication (SP) 800-160, Volume 1, Systems Security Engineering—Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, NIST SP 800-37, Risk Management Framework for Information Systems and Organizations—A System Life Cycle Approach for Security and Privacy; and NIST SP 800-53, Security and Privacy Controls for Information Systems and Organizations. It can be viewed as a handbook for achieving the identified cyber resiliency outcomes based on a systems engineering perspective on system life cycle and risk management processes, allowing the experience and expertise of the implementing organization to help determine how the content will be used for its purpose. Organizations can select, adapt, and use some or all of the cyber resiliency constructs (i.e., goals, objectives, techniques, approaches, and design principles) described in this publication and apply the constructs to the technical, operational, and threat environments for which systems need to be engineered.
Special Publication (NIST SP) - 800-160v2r1
Report Number


Advanced persistent threat, controls, cyber resiliency, cyber resiliency approaches, cyber resiliency design principles, cyber resiliency engineering framework, cyber resiliency goals, cyber resiliency objectives, cyber resiliency techniques, risk management strategy, system life cycle, systems security engineering, trustworthiness.


Ross, R. , Pillitteri, V. , Graubart, R. , Bodeau, D. and McQuaid, R. (2021), Developing Cyber-Resilient Systems: A Systems Security Engineering Approach, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online],, (Accessed April 23, 2024)
Created December 8, 2021, Updated November 29, 2022