Cyber resiliency, like security, is a concern at multiple levels in an organization. The four cyber resiliency goals, which are common to many resilience definitions, are included in the definition and the cyber resiliency engineering framework to provide linkage between risk management decisions at the mission and business process level and at the system level with those at the organizational level. Organizational risk management strategies can use the cyber resiliency goals and associated strategies to incorporate cyber resiliency.

Cyber resiliency objectives are more specific statements of what a system must achieve in its operational environment and throughout its life cycle to meet stakeholder needs for mission assurance and resilient security.

The purpose of this document is to supplement [SP 800-160 v1] and [SP 800-37] (or other risk management processes or methodologies) with guidance on how to apply cyber resiliency concepts, constructs, and engineering practices as part of systems security engineering and risk management for systems and organizations. This document identifies considerations of the engineering of systems that include the following circumstances or systems that depend on cyber resources. Circumstances or types of systems to which this document applies include:

Click to download 

Condition-based maintenance (CBM) is a maintenance strategy that monitors the actual condition of an asset to decide what maintenance needs to be done. CBM dictates that maintenance should only be performed when specific indicators show signs of decreasing performance or upcoming failure. Checking a machine for these indicators may include non-invasive measurements, visual inspection, performance data and scheduled tests. Condition data can then be gathered at specific intervals or continuously (as is done when a machine has internal sensors). Condition-based maintenance can be applied to mission-critical and non-mission-critical assets.

Unlike in planned maintenance (PM), where maintenance is performed based upon predefined scheduled intervals, condition-based maintenance is performed only after a decrease in the equipment condition has been observed. Compared with preventive maintenance, this increases the time between maintenance repairs because maintenance is done on an as-needed basis. This also helps in reducing the unplanned downtime because of sudden breakdowns as machines are continuously monitored using sensors.

Click to download

On May 12, 2021, President Biden issued an Executive Order (EO) aiming to improve the federal government’s efforts to “identify, deter, protect against, detect and respond” to cybersecurity incidents.

Released five days after the ransomware attack on Colonial Pipeline, it is intended as a comprehensive response to anongoing trend of increased threats.

The EO is intended to help the government modernize and mitigate the risk of cyber incidents. It also aims to encourage private-sector-owned domestic critical infrastructure to partner with and follow the federal government’s lead to take ambitious measures to augment and aligncybersecurity investments with the goal of minimizing future incidents.

The EO required quick action, with 30-day, 90-day and 365-day deadlines across seven key objectives.

Click to download