Interior Page Icon


For Architects

Each of the guidance documents listed below incorporate cyber resiliency practices that help organizations minimize the effects of destructive malware through increased resiliency of the organizations computer systems and networks. The "Prepare and Plan" activities incorporate cyber resiliency practices that help organizations reduce the attack surface in preparation of a cyber attack and the "Recover and Reconstitute" activities incorporate cyber resiliency practices that help organizations reduce the attack surface after a cyber attack is discovered. The "Disrupting the Attack Surface" activity incorporates cyber resiliency practices focused on interfering with the adversary's activities and impeding these activities during a cyber attack.

There are two levels of guidance, one for Executives and the other for Architects.

Disrupting the Attack Surface

Change the attack surface to get ahead of the attack and defeat the adversary.

Prepare and Plan Activities

Architect to Protect

Secure Administration

Access Control

Build resiliency into the foundation of your computing and communications infrastructure to ensure operational continuity.

Use secure system administration and management capabilities to reduce attack opportunities.

Constrain the actions adversaries can take, validate that those constraints are in place, and ensure that they are effectively limiting harm.

Device Hardening

Backup Strategies

Cyber COOP Planning

Improve the defenses of component systems and services to make the attacker's job harder.

Establish a foundation for recovering from an otherwise catastrophic loss.

Extend and integrate traditional COOP with cyber resilience.

Recover and Reconstitute Activities

Cyber COOP Execution

Secure Communications

Core Services

Extend traditional COOP to include cyber defense and incidence response strategies and tools.

Create a secure response infrastructure to keep cyber adversaries from inserting themselves into response and recovery processes.

Rebuild high-priority core services after an attack to ensure recovery and minimize disruption to the mission.

Data Recovery Strategies


After Action Activities

Reconstitute data and applications to continue mission or business functions in a trustworthy manner.

Investigate cyber incidents to provide assurance that the incident has been contained.

Review the cause and details of an incident to help the organization evolve its security architecture and identify areas where resilience capabilities can be enhanced.