NIST Releases Criticality Analysis Guide

The agency is requesting public comments by Aug. 18 on the document, which will help organizations perform a step-by-step analysis to identify critical parts of a system that must not fail or be compromised if the system is to successfully support the organization's mission.

Nearly every organization depends on information or operational technology for its principal business or mission, but how can they keep the infrastructure up to date without jeopardizing its ability to function or breaking the budget? The National Institute of Standards and Technology (NIST) hopes to help answer this key question with new draft guidance to help organizations conduct criticality analyses.

The agency is requesting public comments by Aug. 18 on the document, which will help organizations perform a step-by-step analysis to identify critical parts of a system that must not fail or be compromised if the system is to successfully support the organization's mission.

The document is NIST Interagency Report (NISTIR) 8179, "Criticality Analysis Process Model." It builds on previous NIST guidance that emphasized the importance of identifying the critical points in a system but did not provide a method for doing so, says the agency. "This draft report shows people how to perform a criticality analysis that's tailored to their organization," explained NIST cybersecurity expert Jon Boyens, who co-authored the report with his colleague Celia Paulsen. "Each agency will have its own situation. We are developing this for the government, but we want it to be friendly and useful for the private sector."

"I think guidance like this will help secure the supply chain," said John Peterson, senior program manager at the Redhorse Corporation in San Diego. "A lot of these systems are integrated, so if you have one part that's compromised in some way, it could affect the entire system."

"The legacy problem is notorious throughout industry," said Carol Woody, technical manager for cybersecurity engineering at the Software Engineering Institute in Pittsburgh. "All organizations are trying to keep technology costs down. It's hard to do because they have to make choices that may not always anticipate problems 10 years down the road. What the NIST authors are doing is saying, 'Think broadly. Ask yourself why you bought something and how long it will be before it could conceivably need more capability—plan for its usable life and budget accordingly.'"

Download Center

HTML - No Current Item Deck
  • Free Safety Management Software Demo

    IndustrySafe Safety Management Software helps organizations to improve safety by providing a comprehensive toolset of software modules to help businesses identify trouble spots; reduce claims, lost days, OSHA fines; and more.

  • Easy to Use Safety Incident App

    Record incidents on the go with IndustrySafe’s mobile app. Collect data for multiple types of incidents including including near misses, vehicle and environmental incidents, and employee and non-employee injuries; at job sites and remote locations—with or without web access.

  • Safety Training 101

    When it comes to safety training, no matter the industry, there are always questions regarding requirements and certifications. IndustrySafe is here to help. We put together a resource that’s easy to digest so you can get answers to your training questions and ensure you're complying with OSHA's standards.

  • Conduct EHS Inspections and Audits

    Record and manage your organization’s inspection data with IndustrySafe’s Inspections module. IndustrySafe’s pre-built forms and checklists may be used as is, or can be customized to better suit the needs of your organization.

  • Track Key Safety Performance Indicators

    IndustrySafe’s Dashboard Module allows organizations to easily track safety KPIs and metrics. Gain increased visibility into your business’ operations and safety data.

  • Industry Safe
comments powered by Disqus