U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-160 Vol. 2 (Draft)

Developing Cyber Resilient Systems: A Systems Security Engineering Approach (Final Public Draft)

Date Published: September 2019
Comments Due: November 1, 2019 (public comment period is CLOSED)
Email Questions to: sec-cert@nist.gov

Planning Note (9/16/2019):

The PDFs have been fixed so that hyperlinks are now active. This is the Final Public Draft of NIST SP 800-160 Volume 2.


Ron Ross (NIST), Victoria Pillitteri (NIST), Richard Graubart (MITRE), Deborah Bodeau (MITRE), Rosalie McQuaid (MITRE)


Draft NIST SP 800-160, Volume 2 presents the cyber resiliency engineering framework (conceptual framework) for understanding and applying cyber resiliency, a concept of use for the conceptual framework, and specific engineering considerations for implementing cyber resiliency in the system life cycle.

We encourage you to use the comment template provided when submitting comments. Please submit comments to sec-cert@nist.gov by November 1, 2019.

NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications



advanced persistent threat; controls; cyber resiliency; cyber resiliency approaches; cyber resiliency design principles; cyber resiliency engineering framework; cyber resiliency goals; cyber resiliency objectives; cyber resiliency techniques; risk management strategy; system life cycle; systems security engineering; trustworthy
Control Families

None selected


Draft (FPD) SP 800-160 Vol. 2

Supplemental Material:
Draft (FPD) SP 800-160 Vol. 2 (with line numbers) (pdf)
Comment Template (xls)

Document History:
03/21/18: SP 800-160 Vol. 2 (Draft)
09/04/19: SP 800-160 Vol. 2 (Draft)
11/27/19: SP 800-160 Vol. 2


Security and Privacy
risk assessment; systems security engineering; threats