NIST Updates to Cybersecurity Guidance for Engineers

The National Institute of Standards and Technology (NIST) has been trying to revamp its security programs over the past several months. The most recent change updates its cybersecurity guidance for system engineers and adds insights for mitigating system vulnerabilities.

The Source of the Changes

The changes coming through today stem from President Joe Biden’s executive order, which aimed to boost the federal government’s defenses following a series of large-scale cyberattacks on critical infrastructure. The updates come in the form of a document of more than 200 pages titled “Engineering Trustworthy Secure Systems.”

 

The Purpose of the Document

In the document, key NIST researchers give an overview of the objectives of modern security systems, primarily the protection of critical digital assets. The authors state that the latest version of the publication places a fresh emphasis on security assurances.

Ron Ross, a NIST fellow and one of the key authors of the document, stated that assurances act as justifications that a system is working as intended.

“Evidence generated during the system life cycle is essential to building assurance cases for systems deployed in the critical infrastructure. Assurance cases can turn security into something concrete, measurable, and shareable. Building and delivering assurance is the way to drive the culture of security.”

 

Building Secure Designs

Furthermore, the document investigates how trustworthy and secure designs can be built. It states that any secure design hinges on the proactive elimination or mitigation of vulnerabilities. Similar guidelines have been published in the past, but they continue to be updated to help build the most proficient systems.

 

What These Changes Mean

These changes aim to protect sensitive government assets further and add extra measures to ensure that they do not fall into the wrong hands. Enhancing cybersecurity appears to be a priority of President Joe Biden, and this is just another step being taken in that direction.

GSec LLC takes cybersecurity seriously and prides itself on its affordable and efficient approach toward compliance. Contact our team for more information about how we can assist your organization.

By: Alex O’Reilly

Sources: https://www.meritalk.com/articles/nist-updates-guidelines-for-cybersecurity-engineering/

https://www.nextgov.com/cybersecurity/2022/01/nist-updates-cybersecurity-engineering-guidelines/360587/

https://admin.govexec.com/media/gbc/docs/pdfs_edit/sp_800-160-v1-r1-ipd-embargo_(1).pdf