MITRE’s Cyber Resilience Engineering Framework provides structured and consistent guidance to apply unilaterally when selecting and implementing security controls. This paper identifies specific controls in NIST SP 800-53R4 that support cyber resiliency.
Cyber Resiliency and NIST Special Publication 800-53 Rev.4 Controls
Download Resources
PDF Accessibility
One or more of the PDF files on this page fall under E202.2 Legacy Exceptions and may not be completely accessible. You may request an accessible version of a PDF using the form on the Contact Us page.
Attacks in cyberspace are no longer limited to simple discrete events such as the spread of a virus or a denial-of-service attack against an organization. Campaigns are waged by the advanced persistent threat (APT), which has the capabilities, resources and persistence to breach even well-patched and monitored IT infrastructures. Therefore, today's systems must be resilient against the APT. MITRE has developed its cyber resilience engineering framework (CREF) to support the development of structured and consistent cyber resiliency guidance. The CREF consists of goals, objectives and techniques. In the context of the Risk Management Framework defined by NIST SP 800-37, cyber resiliency techniques can be applied to a system, set of shared services, or common infrastructure by selecting, tailoring, and implementing security controls. This document identifies those controls in NIST SP 800-53R4 that support cyber resiliency.