2-Year Interagency Initiative Aims to Define and Integrate Secure Systems Engineering
Published: May 21, 2014
Mid May 2014, the National Institute for Standards and Technology (NIST) released an initial public draft of guidance for secure systems engineering. The document is part of NIST’s 800 series of special publications, which provide computer security resources.
According to NIST fellow Ron Ross, “We need to have the same confidence in the trustworthiness of our IT products and systems that we have in the bridges we drive across or the airplanes we fly in.” To that end, computer security experts are working to incorporate security into IT systems through systems and software engineering principles. An initial set of guidelines has been released by NIST for public comment in the draft document Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems. The ultimate objective, as the document puts it, is “to address security issues from a stakeholder requirements and protection needs perspective and to use established organizational processes to ensure that such requirements and needs are addressed early in and throughout the life cycle of the system.”
The process for developing the guidance has four stages. The phased approach of the initiative will allow the numerous stakeholders to focus their review and feedback on key elements of the engineering process as different parts of the guidance are developed. The current draft is part of the first stage of the guidance development process.