NIST Issues 2nd Draft of Systems Security Engineering Framework; Ron Ross Comments

cyberThe National Institute of Standards and Technology has released a new draft publication that proposes to incorporate security concepts into the systems engineering stage of cyber-physical systems in an effort to protect these assets from threats.

NIST said Wednesday the publication recommends the inclusion of security factors to the original design throughout a system’s lifecycle for developers of smartphones, industrial systems and process control systems.

“The systems security engineering considerations in NIST SP 800-160 give organizations the capability to strengthen their systems against cyberattacks, limit the damage from those attacks if they occur, and make their systems survivable,” said Ron Ross, NIST fellow.

Ross told an Institute for Critical Infrastructure Technology forum in April the framework represents the agency’s holistic approach and strategy to help the government combat cyber attacks.

The security principles outlined in the draft apply to engineering design, system analysis, implementation and non-engineering processes.

NIST intends for the security considerations in the draft to address modern versions of manufacturing systems, environmental monitoring devices and the Internet of Things sensors.

The agency incorporated comments submitted for the first draft published in May 2014 and the agency seeks public feedback for the new draft no later than July 1.

Check Also

David Deptula

Mitchell Institute’s David Deptula on DoD’s Need for Efficient, Interoperable Joint C2 System

David Deptula, dean of the Mitchell Institute for Aerospace Studies and retired U.S. Air Force lieutenant general, said the U.S. military must “embrace a new approach” to effectively coordinate joint all-domain command and control (JADC2) operations.

Leave a Reply

Your email address will not be published. Required fields are marked *