NIST Releases Criticality Analysis Guide

The agency is requesting public comments by Aug. 18 on the document, which will help organizations perform a step-by-step analysis to identify critical parts of a system that must not fail or be compromised if the system is to successfully support the organization's mission.

Nearly every organization depends on information or operational technology for its principal business or mission, but how can they keep the infrastructure up to date without jeopardizing its ability to function or breaking the budget? The National Institute of Standards and Technology (NIST) hopes to help answer this key question with new draft guidance to help organizations conduct criticality analyses.

The agency is requesting public comments by Aug. 18 on the document, which will help organizations perform a step-by-step analysis to identify critical parts of a system that must not fail or be compromised if the system is to successfully support the organization's mission.

The document is NIST Interagency Report (NISTIR) 8179, "Criticality Analysis Process Model." It builds on previous NIST guidance that emphasized the importance of identifying the critical points in a system but did not provide a method for doing so, says the agency. "This draft report shows people how to perform a criticality analysis that's tailored to their organization," explained NIST cybersecurity expert Jon Boyens, who co-authored the report with his colleague Celia Paulsen. "Each agency will have its own situation. We are developing this for the government, but we want it to be friendly and useful for the private sector."

"I think guidance like this will help secure the supply chain," said John Peterson, senior program manager at the Redhorse Corporation in San Diego. "A lot of these systems are integrated, so if you have one part that's compromised in some way, it could affect the entire system."

"The legacy problem is notorious throughout industry," said Carol Woody, technical manager for cybersecurity engineering at the Software Engineering Institute in Pittsburgh. "All organizations are trying to keep technology costs down. It's hard to do because they have to make choices that may not always anticipate problems 10 years down the road. What the NIST authors are doing is saying, 'Think broadly. Ask yourself why you bought something and how long it will be before it could conceivably need more capability—plan for its usable life and budget accordingly.'"

Download Center

HTML - No Current Item Deck
  • Free Safety Management Software Demo

    IndustrySafe Safety Management Software helps organizations to improve safety by providing a comprehensive toolset of software modules to help businesses identify trouble spots; reduce claims, lost days, OSHA fines; and more.

  • Complete Online Safety Training Courses

    Deliver state-of-the art, online safety training courses to your organization with IndustrySafe Training Management Software. Generate reports to track training compliance and automatically notify learners of upcoming or overdue classes.

  • Easy to Use Safety Inspection App

    Conduct inspections on the go with IndustrySafe’s mobile app. Complete safety audits at job sites and remote locations—with or without web access.

  • Track Key Safety Performance Indicators

    IndustrySafe’s Dashboard Module allows organizations to easily track safety KPIs and metrics. Gain increased visibility into your business’ operations and safety data.

  • Analyze Incident Data and Maintain OSHA Compliance

    Collect relevant incident data, analyze trends, and generate accurate regulatory reports, including OSHA 300, 300A, and 301 logs, through IndustrySafe’s extensive incident reporting and investigation module.

  • Industry Safe
comments powered by Disqus