Developing Cyber-Resilient Systems
Cyber resiliency, like security, is a concern at multiple levels in an organization. The four cyber resiliency goals, which are common to many resilience definitions, are included in the definition and the cyber resiliency engineering framework to provide linkage between risk management decisions at the mission and business process level and at the system level with those at the organizational level. Organizational risk management strategies can use the cyber resiliency goals and associated strategies to incorporate cyber resiliency.
Cyber resiliency objectives are more specific statements of what a system must achieve in its operational environment and throughout its life cycle to meet stakeholder needs for mission assurance and resilient security.
The purpose of this document is to supplement [SP 800-160 v1] and [SP 800-37] (or other risk management processes or methodologies) with guidance on how to apply cyber resiliency concepts, constructs, and engineering practices as part of systems security engineering and risk management for systems and organizations. This document identifies considerations of the engineering of systems that include the following circumstances or systems that depend on cyber resources. Circumstances or types of systems to which this document applies include: