Process that captures and refines information security requirements and ensures that their integration into information technology component products and information systems through purposeful security design or configuration.
Source(s):
NIST SP 800-137
from
CNSSI 4009