Each of the guidance documents listed below incorporates cyber resiliency practices that help organizations minimize the effects of destructive malware by increasing the resiliency of the organization's computer systems and networks. The "Prepare and Plan" activities incorporate cyber resiliency practices that help organizations reduce the attack surface in preparation for a cyber attack, and the "Recover and Reconstitute" activities incorporate cyber resiliency practices that help organizations reduce the attack surface after a cyber attack is discovered. The "Disrupting the Attack Surface" activity incorporates cyber resiliency practices focused on interfering with and impeding the adversary's activities during a cyber attack.
There are two levels of guidance, one for Executives and the other for Architects.
Disrupting the Attack Surface | Change the attack surface to get ahead of the attack and defeat the adversary. |
Prepare and Plan Activities
Architect to Protect | Build resiliency into the foundation of your computing and communications infrastructure to ensure operational continuity. |
Secure Administration | Use secure system administration and management capabilities to reduce attack opportunities. |
Access Control | Constrain the actions adversaries can take, validate that those constraints are in place, and ensure that they are effectively limiting harm. |
Device Hardening | Improve the defenses of component systems and services to make the attacker's job harder. |
Backup Strategies | Establish a foundation for recovering from an otherwise catastrophic loss. |
Cyber COOP Planning | Extend and integrate traditional COOP with cyber resilience. |
Recover and Reconstitute Activities
Cyber COOP Execution | Extend traditional COOP to include cyber defense and incident response strategies and tools. |
Secure Communications | Create a secure response infrastructure to keep cyber adversaries from inserting themselves into response and recovery processes. |
Core Services | Rebuild high-priority core services after an attack to ensure recovery and minimize disruption to the mission. |
Data Recovery Strategies | Reconstitute data and applications to continue mission or business functions in a trustworthy manner. |
Forensics | Investigate cyber incidents to provide assurance that the incident has been contained. |
After Action Activities | Review the cause and details of an incident to help the organization evolve its security architecture and identify areas where resilience capabilities can be enhanced. |