Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-154 (DRAFT)

Guide to Data-Centric System Threat Modeling

Date Published: March 2016
Comments Due: April 15, 2016 (public comment period is CLOSED)
Email Questions to: 800-154comments@nist.gov

Author(s)

Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)

Announcement

NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. Draft SP 800-154 provides information on the basics of data-centric system threat modeling so that organizations can use it as part of their risk management processes instead of relying solely on conventional "best practice" recommendations.

Abstract

Keywords

information security; risk assessment; risk management; threat modeling; threats; data security; vulnerabilities
Control Families

Security Assessment and Authorization; Program Management; Risk Assessment;

Documentation

Publication:
Draft SP 800-154

Supplemental Material:
Comment Template (xls)