Design organizational systems, system components, or system services to achieve cyber resiliency by: Defining the following cyber resiliency goals: cyber resiliency goals. Defining the following cyber resiliency objectives: cyber resiliency objectives. Defining the following cyber resiliency techniques: cyber resiliency techniques. Defining the following cyber resiliency implementation approaches: cyber resiliency implementation approaches. Defining the following cyber resiliency design principles: cyber resiliency design principles. Implement the selected cyber resiliency goals, objectives, techniques, implementation approaches, and design principles as part of an organizational risk management process or systems security engineering process.
Cyber resiliency is critical to ensuring the survivability of mission critical systems and high value assets. Cyber resiliency focuses on limiting the damage from adversity or the conditions that can cause a loss of assets. Damage can affect: (1) organizations (e.g., loss of reputation, increased existential risk); (2) missions or business functions (e.g., decreased capability to complete current missions and to accomplish future missions); (3) security (e.g., decreased capability to achieve security objectives or to prevent, detect, and respond to cyber incidents); (4) systems (e.g., unauthorized use of system resources or decreased capability to meet system requirements); or (5) specific system elements (e.g., physical destruction; corruption, modification, or fabrication of information).
Cyber resiliency goals are intended to help organizations maintain a state of informed preparedness for adversity, continue essential mission or business functions despite adversity, restore mission or business functions during and after adversity, and modify mission or business functions and their supporting capabilities in response to predicted changes in technical, operational, or threat environments.
NIST SP 800-160, Volume 2 provides additional information on the Cyber Resiliency Engineering Framework to include detailed descriptions of cyber resiliency goals, objectives, techniques, implementation approaches, and design principles. NIST SP 800-160, Vol 1 provides additional information on achieving cyber resiliency as an emergent property of an engineered system.
Determine if: organizational systems, system components, or system services achieve cyber resiliency through cyber resiliency goals; organizational systems, system components, or system services achieve cyber resiliency through cyber resiliency objectives; organizational systems, system components, or system services achieve cyber resiliency through cyber resiliency techniques; organizational systems, system components, or system services achieve cyber resiliency through cyber resiliency implementation approaches; organizational systems, system components, or system services achieve cyber resiliency through cyber resiliency design principles; selected cyber resiliency goals are implemented as part of an organizational risk management process of systems security engineering process; selected cyber resiliency objectives are implemented as part of an organizational risk management process of systems security engineering process; selected cyber resiliency techniques are implemented as part of an organizational risk management process of systems security engineering process; selected cyber resiliency implementation approaches are implemented as part of an organizational risk management process of systems security engineering process; selected cyber resiliency design principles are implemented as part of an organizational risk management process of systems security engineering process.
No cross-framework mappings available