Date Published: March 2016
Email Questions to:
NIST requests public comments on draft Special Publication (SP) 800-154, Guide to Data-Centric System Threat Modeling. Data-centric system threat modeling is a form of risk assessment that models aspects of the attack and defense sides for selected data within a system. Draft SP 800-154 provides information on the basics of data-centric system threat modeling so that organizations can use it as part of their risk management processes instead of relying solely on conventional "best practice" recommendations.
Keywords information security; risk assessment; risk management; threat modeling; threats; data security; vulnerabilities
Security Assessment and Authorization;