The IT Law Wiki


National Institute of Standards and Technology, Systems Security Engineering Guideline: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems (NIST Special Publication 800-160) (Nov. 2016) (full-text).


This publication addresses the engineering-driven actions necessary to develop more defensible and survivable systems — including the components that compose and the services that depend on those systems. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronics Engineers (IEEE), and infuses systems security engineering techniques, methods, and practices into those systems and software engineering activities. The ultimate objective is to address security issues from a stakeholder requirements and protection needs perspective and to use established engineering processes to ensure that such requirements and needs are addressed with the appropriate fidelity and rigor across the entire life cycle of the system.

This publication is intended to be extremely flexible in its application in order to meet the diverse needs of organizations. It is not intended to provide a specific recipe for execution. Rather, it can be viewed as a catalog or handbook for achieving the identified security outcomes of a systems engineering perspective on system life cycle processes — leaving it to the experience and expertise of the engineering organization to determine what is correct for its purpose.