U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

NIST SP 800-160

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

Date Published: November 2016

Supersedes: SP 800-27 Revision (r) (06/21/2004)

Author(s)

Ron Ross (NIST), Michael McEvilley (MITRE), Janet Oren (Legg Mason)

Abstract

Keywords

developmental engineering; disposal; engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resiliency; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system-of-systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; assurance; verification
Control Families

Access Control; Awareness and Training; Audit and Accountability; Assessment, Authorization and Monitoring; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Physical and Environmental Protection; Planning; Program Management; Personnel Security; Risk Assessment; System and Services Acquisition; System and Communications Protection; System and Information Integrity

Documentation

Publication:
SP 800-160 (November 2016) (pdf)

Supplemental Material:
"Rethinking Cybersecurity from the Inside Out" (blog post)

Document History:
11/14/16: SP 800-160 (Final)

Topics

Security and Privacy

planning, risk assessment, systems security engineering

Laws and Regulations

E-Government Act