Date Published: June 2001
Author(s)
Gary Stoneburner (NIST), Clark Hayden (BAH), Alexis Feringa (BAH)
The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. Ideally, the principles presented here would be used from the onset of a program—at the beginning of, or during the design phase—and then employed throughout the system’s life-cycle. However, these principles are also helpful in affirming and confirming the security posture of already deployed information systems. The principles are short and concise and can be used by organizations to develop their system life-cycle policies.
The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. Ideally, the principles presented here would be used from the onset of a program—at...
See full abstract
The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. Ideally, the principles presented here would be used from the onset of a program—at the beginning of, or during the design phase—and then employed throughout the system’s life-cycle. However, these principles are also helpful in affirming and confirming the security posture of already deployed information systems. The principles are short and concise and can be used by organizations to develop their system life-cycle policies.
Hide full abstract
Keywords
Computer security; engineering principles; IT security; security baseline
Control Families
None selected