U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

SP 800-160

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

Date Published: November 2016 (Updated 1/3/2018)

Supersedes: SP 800-160 (11/14/2016)

Author(s)

Ron Ross (NIST), Michael McEvilley (MITRE), Janet Oren (Legg Mason)

Abstract

Keywords

assurance; developmental engineering; disposal; engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resiliency; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system-of-systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; verification
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Program Management; Risk Assessment; Assessment, Authorization and Monitoring; System and Communications Protection; System and Information Integrity; System and Services Acquisition

Documentation

Publication:
SP 800-160 (DOI)
Local Download

Supplemental Material:
"Rethinking Cybersecurity from the Inside Out" (blog post) (other)

Document History:
01/03/18: SP 800-160

Topics

Security and Privacy
planning; risk assessment; systems security engineering

Laws and Regulations
E-Government Act