Skip to main content
Library homepage
Engineering LibreTexts

APPENDIX B: Adversary Effects

  • Page ID
  • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)\(\newcommand{\AA}{\unicode[.8,0]{x212B}}\)


    Adversary Effects is a new section (Appendix D) included in NIST SP.800-172 (Enhanced Security Requirements for Protecting Controlled Unclassified Information).

    Adversary Effects is a new section (Appendix D) included in NIST SP.800-172 (Enhanced Security Requirements for Protecting Controlled Unclassified Information). As described:

    Finally, a protection strategy and adversary effects section describe the potential effects of implementing the enhanced security requirements on risk, specifically by reducing the likelihood of occurrence of threat events, the ability of threat events to cause harm, and the extent of that harm. Five high-level, desired effects on the adversary can be identified: redirect, preclude, impede, limit, and expose.1

    The effects themselves contain specific classes of effects:

    • Deter, divert, and deceive in support of redirect
    • Negate, preempt, and expunge in support of preclude
    • Contain, degrade, delay, and exert in support of impede
    • Shorten and reduce in support of limit
    • Detect, reveal, and scrutinize in support of expose

    NIST describes the specific effects as tactical (i.e., pertaining to a specific threat event or scenario). Detailed explanations of each effect can be found in Appendix D.

    Using the effect values a matrix has been created as an example of mapping which adverse effects occur if an associated enhanced security control is implemented (Figure 1). There is no effort made to quantify the values either per control or by individual (adversary) effect as none is provided in the NIST publication. A general view, however, of overall impact a particular control has is achieved by viewing the results in each effect's column. It is clear that controls which are not implemented ('N' or 'D' response) preclude the intended effect whereas 'Y' or 'P' confirm it.

    Figure 1: Adversary Effects Map

    Map column definitions:

    • Control Family Name
    • # (corresponding Control Family requirement number)
    • C (compliance value). Compliance is defined as (Y)es, (N)o, (P)artial and (D)oes not Apply. Reference Security Assessment Snapshot tab for explanation of Compliance value
    • Adversary Effects: Redirect, Preclude, Impede, Limit and Expose

    If a Control Family contains no adversary effects its listing is highlighted in light blue.

    Adversary Effects not associated with a particular control requirement are blank.

    Positive and negative (or neutral) effects are highlighted in light and medium gray respectively.


    Unlike other elements of this workbook the values in this mapping table are manually entered.

    Adversary Effects have been included in the Security Assessment workbook (to reflect inclusion in SP.800-172) but since they are not ordinal it is not possible to quantify their value. As such, a high-level matrix map has been created to show which effects have been achieved if an enhanced security-control is implemented (Figure 1) with the table providing an overall snapshot of Adversary Effects.

    The reader is directed to Appendix D of SP.800-172 for complete description and discussion.

    [1] SP.800-172, 8

    • Was this article helpful?