U.S. flag   An unofficial archive of your favorite United States government website
This is an archive
(replace .gov by .rip)

SP 800-64 Rev. 2

Security Considerations in the System Development Life Cycle

Date Published: October 2008

Supersedes: SP 800-64 Rev. 1 (06/16/2004)

Planning Note (5/31/2019):

This withdrawn publication includes content that is out of date. It is provided here for historical reference.

Readers should refer to NIST SP 800-160 Volume 1 for current information about system life cycle processes and systems security engineering. NIST intends to develop a white paper that describes how the Risk Management Framework (SP 800-37 Rev. 2) relates to system development life cycle processes and stages.


Richard Kissel (NIST), Kevin Stine (NIST), Matthew Scholl (NIST), Hart Rossman (SAIC), Jim Fahlsing (SAIC), Jessica Gulick (SAIC)



Cyber Security; FISMA; SDLC; Computer Security; System Development
Control Families

Planning; System and Services Acquisition


SP 800-64 Rev. 2 (DOI)
Local Download

Supplemental Material:
None available

Related NIST Publications:
SP 800-160 Vol. 1
ITL Bulletin

Document History:
10/16/08: SP 800-64 Rev. 2


Security and Privacy
general security & privacy

Laws and Regulations
OMB Circular A-130