NIST Releases Criticality Analysis Guide

The agency is requesting public comments by Aug. 18 on the document, which will help organizations perform a step-by-step analysis to identify critical parts of a system that must not fail or be compromised if the system is to successfully support the organization's mission.

Nearly every organization depends on information or operational technology for its principal business or mission, but how can they keep the infrastructure up to date without jeopardizing its ability to function or breaking the budget? The National Institute of Standards and Technology (NIST) hopes to help answer this key question with new draft guidance to help organizations conduct criticality analyses.

The agency is requesting public comments by Aug. 18 on the document, which will help organizations perform a step-by-step analysis to identify critical parts of a system that must not fail or be compromised if the system is to successfully support the organization's mission.

The document is NIST Interagency Report (NISTIR) 8179, "Criticality Analysis Process Model." It builds on previous NIST guidance that emphasized the importance of identifying the critical points in a system but did not provide a method for doing so, says the agency. "This draft report shows people how to perform a criticality analysis that's tailored to their organization," explained NIST cybersecurity expert Jon Boyens, who co-authored the report with his colleague Celia Paulsen. "Each agency will have its own situation. We are developing this for the government, but we want it to be friendly and useful for the private sector."

"I think guidance like this will help secure the supply chain," said John Peterson, senior program manager at the Redhorse Corporation in San Diego. "A lot of these systems are integrated, so if you have one part that's compromised in some way, it could affect the entire system."

"The legacy problem is notorious throughout industry," said Carol Woody, technical manager for cybersecurity engineering at the Software Engineering Institute in Pittsburgh. "All organizations are trying to keep technology costs down. It's hard to do because they have to make choices that may not always anticipate problems 10 years down the road. What the NIST authors are doing is saying, 'Think broadly. Ask yourself why you bought something and how long it will be before it could conceivably need more capability—plan for its usable life and budget accordingly.'"

Product Showcase

  • Magid® D-ROC® GPD412 21G Ultra-Thin Polyurethane Palm Coated Work Gloves

    Magid’s 21G line is more than just a 21-gauge glove, it’s a revolutionary knitting technology paired with an advanced selection of innovative fibers to create the ultimate in lightweight cut protection. The latest offering in our 21G line provides ANSI A4 cut resistance with unparalleled dexterity and extreme comfort that no other 21-gauge glove on the market can offer! Read More

  • Safety Knives

    The Safety Knife Company has developed a quality range of safety knives for all industries. Designed so that fingers cannot get to the blades, these knives will safely cut through cardboard, tape, strapping, shrink or plastic wrap or a variety of other packing materials. Because these knives have no exposed blades and only cut cardboard deep, they will not only protect employees against lacerations but they will also save product. The Metal Detectable versions have revolutionary metal detectable polypropylene knife bodies specifically for the food and pharmaceutical industries. This material can be detected and rejected by typical detection machines and is X-ray visible. Read More

  • HAZ LO HEADLAMPS

    With alkaline or rechargeable options, these safety rated, Class 1, Div. 1 Headlamps provide long runtime with both spot and flood options in the same light. Work safely and avoid trip hazards with flexible hands-free lighting from Streamlight. Read More

Featured

Artificial Intelligence

Webinars