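It was not until March 2011 that NIST finalized SP 800-39, its framework guidance on information security risk management. The guidance devotes considerable space to one of the most talked-about risks of the moment: APT attacks. The document gives NIST's definition of an APT: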

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). These objectives typically include establishing and extending footholds within the information technology infrastructure of the targeted organizations for purposes of exfiltrating (i.e., transporting it from internal networks to external drop servers) information, undermining or impeding critical aspects of a mission, program, or organization; or positioning itself to carry out these objectives in the future. The advanced persistent threat pursues its objectives repeatedly over an extended period of time; adapts to defenders' efforts to resist it; and is determined to maintain the level of interaction needed to execute its objectives.