The National Institute of Standards and Technology has released draft guidance meant to help public and private sector entities identify system elements that must remain active in order to fulfill organizational missions.
NIST said Monday its Criticality Analysis Process Model document offers a step-by-step guide on how to analyze critical parts of a system and seeks to help organizations maintain infrastructure and functions without exceeding previously set budgets.
“This draft report shows people how to perform a criticality analysis that’s tailored to their organization,” said Jon Boyens, an NIST cybersecurity expert and co-author of the report.
“We are developing this for the government, but we want it to be friendly and useful for the private sector,” Boyens added.
NIST noted that criticality analysis helps identify high-value assets and modify traditional risk assessment procedures to help prepare an organization for what potential threats can do.
The agency will collect public feedback on the guidance through Aug. 18.