"NIST Updates Cybersecurity Engineering Guidelines"

The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for system engineers. The document titled "Engineering Trustworthy Secure Systems" resulted from President Joe Biden's 2021 executive order aimed at strengthening the federal government's defenses against large-scale attacks on critical infrastructure. Computer engineers and other professionals on the programming side of cybersecurity are encouraged to use NIST's publication as a resource. It covers actions needed to develop more defensible and resilient systems. The publication addresses machine, physical, and human components that make up systems, as well as the capabilities and services provided by those systems. In the publication, NIST researchers highlight the objectives and concepts of modern security systems, especially the protection of a system's digital assets. One of the key updates made in the document is the emphasis on security assurances. In the realm of software systems engineering, assurance refers to proof that a system's security procedures can adequately mitigate asset loss and thwart cyberattacks. Ron Ross, a NIST fellow and one of the document's authors, emphasized the importance of gathering evidence during the system life cycle to build assurance cases for systems that are used in critical infrastructure. This article continues to discuss NIST's newest draft of "Engineering Trustworthy Secure Systems" and other similar guidelines published by the agency in recent years. 

GCN reports "NIST Updates Cybersecurity Engineering Guidelines"