Cyber Resiliency and NIST Special Publication 800-53 Rev.4 Controls
December 2013
Attacks in cyberspace are no longer limited to simple discrete events such as the spread of a virus or a denial-of-service attack against an organization. Campaigns are waged by the advanced persistent threat (APT), which has the capabilities, resources and persistence to breach even well-patched and monitored IT infrastructures. Therefore, today's systems must be resilient against the APT. MITRE has developed its cyber resilience engineering framework (CREF) to support the development of structured and consistent cyber resiliency guidance. The CREF consists of goals, objectives and techniques. In the context of the Risk Management Framework defined by NIST SP 800-37, cyber resiliency techniques can be applied to a system, set of shared services, or common infrastructure by selecting, tailoring, and implementing security controls. This document identifies those controls in NIST SP 800-53R4 that support cyber resiliency.