Date Published: March 2016
Comments Due: April 15, 2016 (public comment period is CLOSED)
Email Questions to: email@example.com
Murugiah Souppaya (NIST), Karen Scarfone (Scarfone Cybersecurity)
NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. Draft SP 800-154 provides information on the basics of data-centric system threat modeling so that organizations can use it as part of their risk management processes instead of relying solely on conventional "best practice" recommendations.
Keywords information security; risk assessment; risk management; threat modeling; threats; data security; vulnerabilities
Security Assessment and Authorization;