APPENDIX B: Adversary Effects

Last updated
Save as PDF

Page ID: 85378

Thomas P. Dover
Butler County Community College

\( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)

Note

Adversary Effects is a new section (Appendix D) included in NIST SP.800-172 (Enhanced Security Requirements for Protecting Controlled Unclassified Information).

Adversary Effects is a new section (Appendix D) included in NIST SP.800-172 (Enhanced Security Requirements for Protecting Controlled Unclassified Information). As described:

Finally, a protection strategy and adversary effects section describe the potential effects of implementing the enhanced security requirements on risk, specifically by reducing the likelihood of occurrence of threat events, the ability of threat events to cause harm, and the extent of that harm. Five high-level, desired effects on the adversary can be identified: redirect, preclude, impede, limit, and expose.¹

The effects themselves contain specific classes of effects:

Deter, divert, and deceive in support of redirect
Negate, preempt, and expunge in support of preclude
Contain, degrade, delay, and exert in support of impede
Shorten and reduce in support of limit
Detect, reveal, and scrutinize in support of expose

NIST describes the specific effects as tactical (i.e., pertaining to a specific threat event or scenario). Detailed explanations of each effect can be found in Appendix D.

Using the effect values a matrix has been created as an example of mapping which adverse effects occur if an associated enhanced security control is implemented (Figure 1). There is no effort made to quantify the values either per control or by individual (adversary) effect as none is provided in the NIST publication. A general view, however, of overall impact a particular control has is achieved by viewing the results in each effect's column. It is clear that controls which are not implemented ('N' or 'D' response) preclude the intended effect whereas 'Y' or 'P' confirm it.

Figure 1: Adversary Effects Map

Map column definitions:

Control Family Name
# (corresponding Control Family requirement number)
C (compliance value). Compliance is defined as (Y)es, (N)o, (P)artial and (D)oes not Apply. Reference Security Assessment Snapshot tab for explanation of Compliance value
Adversary Effects: Redirect, Preclude, Impede, Limit and Expose

If a Control Family contains no adversary effects its listing is highlighted in light blue.

Adversary Effects not associated with a particular control requirement are blank.

Positive and negative (or neutral) effects are highlighted in light and medium gray respectively.

Note

Unlike other elements of this workbook the values in this mapping table are manually entered.

Adversary Effects have been included in the Security Assessment workbook (to reflect inclusion in SP.800-172) but since they are not ordinal it is not possible to quantify their value. As such, a high-level matrix map has been created to show which effects have been achieved if an enhanced security-control is implemented (Figure 1) with the table providing an overall snapshot of Adversary Effects.

The reader is directed to Appendix D of SP.800-172 for complete description and discussion.

[1] SP.800-172, 8