NIST Special Publication 800-160: Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems offers useful strategies that can raise the bar for cyber defense and can be implemented quickly to drastically minimize traditionally vulnerable attack surfaces besieged by state-sponsored APTs, hacktivists, sophisticated mercenaries and cyber jihad hackers. This condensed review, entitled “NIST SP 800-160: For the Rest of Us – An ICIT Summary”, is meant to assist those who are new to this arena and want to delve into the useful strategies of the full report but may have limited familiarity with its technical jargon and industry vernacular. It can be considered a simplified, quick reference guide in a more consolidated format for those newer to this space.
Specifically, this report includes:
- A summary of the purpose and objectives of SP 800-160
- An overview of the system security engineering model
- A summary of specific systems engineering processes that organizations can incorporate to add trust and security to their systems including Agreement Processes, Organizational Project-Enabling Processes, Technical Management Processes and Technical Processes
On May 16, 2016, ICIT and NIST will deliver a briefing on SP 800-160 featuring one of the report’s primary authors, Dr. Ron Ross (Fellow, NIST). Details of that briefing can be found here.
This report was authored by James Scott (ICIT Senior Fellow – Institute for Critical Infrastructure Technology) and Drew Spaniel (ICIT Visiting Scholar, Carnegie Mellon University).