Draft NISTIR 8179 April 2018

In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the missions that they support. However, in the world of finite resources, it is not possible to apply equal protection to all assets. This publication describes a comprehensive Criticality Analysis Process Model - a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss may present to those goals. A criticality analysis can help organizations identify and better understand the systems, subsystems, components and subcomponents that are most essential to their operations and the environment in which they operate. That understanding facilitates better decision making related to the management of an organization''s information assets, including information security risk management, project management, acquisition, maintenance, and upgrade decisions. The Model is structured to logically follow how organizations design and implement projects and systems, can be used as a component of a holistic and comprehensive risk management approach that considers all risks, and can be used with a variety of risk management standards and guidelines.

Why buy a book you can download for free?

First you gotta find it and make sure it''s the latest version (not always easy). Then you gotta print it using a network printer you share with 100 other people - and its outta paper - and the toner is low (take out the toner cartridge, shake it, then put it back). If it''s just 10 pages, no problem, but if it''s a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that''s paid $75 an hour has to do this himself (who has assistant''s anymore?).

If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money.

It''s much more cost-effective to just order the latest version from Amazon.com

This book is published by 4th Watch Books and includes copyright material. We publish compact, tightly-bound, full-size books (8 1⁄2 by 11 inches), with glossy covers. 4th Watch Books is a Service Disabled Veteran-Owned Small Business (SDVOSB).

For more titles published by 4th Watch Books, please visit: www.usgovpub.com

NIST SP 500-299 NIST Cloud Computing Security Reference Architecture

NIST SP 500-291 NIST Cloud Computing Standards Roadmap Version 2

NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 1 & 2

NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 3 DRAFT

NIST SP 1800-8 Securing Wireless Infusion Pumps

NISTIR 7497 Security Architecture Design Process for Health Information Exchanges (HIEs)

NIST SP 800-66 Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule

NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices

NIST SP 800-177 Trustworthy Email

NIST SP 800-184 Guide for Cybersecurity Event Recovery

NIST SP 800-190 Application Container Security Guide

NIST SP 800-193 Platform Firmware Resiliency Guidelines

NIST SP 1800-1 Securing Electronic Health Records on Mobile Devices

NIST SP 1800-2 Identity and Access Management for Electric Utilities

NIST SP 1800-5 IT Asset Management: Financial Services

NIST SP 1800-6 Domain Name Systems-Based Electronic Mail Security

NIST SP 1800-7 Situational Awareness for Electric Utilities

NIST SP 500-288 Specification for WS-Biometric Devices (WS-BD)