Date Published: June 7, 2022
Comments Due: July 8, 2022 (public comment period is CLOSED)
Email Questions to: security-engineering@nist.gov
, ,
This final public draft offers significant content and design changes that include a renewed emphasis on the importance of systems engineering and viewing systems security engineering as a critical subdiscipline necessary to achieving trustworthy secure systems. This perspective treats security as an emergent property of a system. It requires a disciplined, rigorous engineering process to deliver the security capabilities necessary to protect stakeholders’ assets from loss while achieving mission and business success.
Bringing security out of its traditional stovepipe and viewing it as an emergent system property helps to ensure that only authorized system behaviors and outcomes occur, much like the engineering processes that address safety, reliability, availability, and maintainability in building spacecraft, airplanes, and bridges. Treating security as a subdiscipline of systems engineering also facilitates making comprehensive trade space decisions as stakeholders continually address cost, schedule, and performance issues, as well as the uncertainties associated with system development efforts.
In particular, this final public draft:
NIST is interested in your feedback on the specific changes made to the publication during this update, including the organization and structure of the publication, the presentation of the material, its ease of use, and the applicability of the technical content to current or planned systems engineering initiatives.
NOTE: A call for patent claims is included on page v of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
None selected
Publication:
SP 800-160 Vol. 1 Rev. 1 (Draft) (DOI)
Local Download
Supplemental Material:
Comment template (xls)
Systems Security Engineering (SSE) Project (web)
Document History:
01/11/22: SP 800-160 Vol. 1 Rev. 1 (Draft)
06/07/22: SP 800-160 Vol. 1 Rev. 1 (Draft)
Security and Privacy
planning; risk assessment; trustworthiness
Laws and Regulations
E-Government Act