Crown Jewels Analysis.

A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there. Es gehört zur Kategorie Verteidigung und Betrieb der Cybersicherheit.

A MITRE-popularized methodology that identifies the small set of mission-critical assets whose loss would unacceptably harm the organization, then concentrates protection, monitoring, and IR investment there.

Crown Jewels Analysis (CJA) is a methodology formalized by MITRE in the mid-2010s and incorporated into the U.S. DoD's mission-assurance practice. The premise: most organizations cannot harden everything to the same level, and most adversaries don't care about everything either. CJA produces a ranked, justified list of the assets — datasets, systems, applications, identities, processes — whose compromise or loss would produce unacceptable mission, business, regulatory, or reputational impact, and the dependencies (network paths, credentials, supporting services) that lead to them. The output drives where to concentrate defense-in-depth controls (segmentation, monitoring tier, IR tabletop priority, cyber-insurance scoping, recovery RTO/RPO), what threat models to take most seriously, and which paths in attack-graph terms to disrupt first. CJA is often a precursor to attack-path analysis, MITRE ATT&CK technique prioritization, and adversary-emulation scoping. It is also a common requirement of cyber-insurance underwriting and of regulator-led resilience reviews (DORA, NIS2, U.S. DOD CMMC).

Schutzmaßnahmen gegen Crown Jewels Analysis kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: CJA, Mission-critical asset analysis.