Date Published: May 2014
Comments Due:
Email Questions to:
Author(s)
Ron Ross (NIST), Janet Oren (NSA), Michael McEvilley (MITRE)
Announcement
NIST requests comments on the initial public draft of Special Publication (SP) 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The new security guidelines recommend steps to help develop a more defensible and survivable information technology (IT) infrastructure—including the component products, systems, and services that compose the infrastructure. A formal announcement of the publication is planned on May 13, 2014 at the College of Science and Engineering, Technology Leadership Institute, University of Minnesota.
This publication addresses the engineering-driven actions necessary for developing a more defensible and survivable information technology (IT) infrastructure—including the component products, systems, and services that compose the infrastructure. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronic Engineers (IEEE) and infuses systems security engineering techniques, methods, and practices into those systems and software engineering processes. The ultimate objective is to address security issues from a stakeholder requirements and protection needs perspective and to use established organizational processes to ensure that such requirements and needs are addressed early in and throughout the life cycle of the system.
This publication addresses the engineering-driven actions necessary for developing a more defensible and survivable information technology (IT) infrastructure—including the component products, systems, and services that compose the infrastructure. It starts with and builds upon a set of...
See full abstract
This publication addresses the engineering-driven actions necessary for developing a more defensible and survivable information technology (IT) infrastructure—including the component products, systems, and services that compose the infrastructure. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronic Engineers (IEEE) and infuses systems security engineering techniques, methods, and practices into those systems and software engineering processes. The ultimate objective is to address security issues from a stakeholder requirements and protection needs perspective and to use established organizational processes to ensure that such requirements and needs are addressed early in and throughout the life cycle of the system.
Hide full abstract
Keywords
Systems engineering; system life cycle; integration; implementation; stakeholder; security requirements; security authorization; engineering trades; systems; system-of-systems; inspection; developmental engineering; specifications; systems security engineering; assurance; trustworthiness; information security; information security policy; security architecture; security design; verification; validation; disposal; protection needs; resiliency; requirements analysis; risk management; risk assessment; risk treatment; system element; system component; penetration testing; review; field engineering
Control Families
None selected