U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-160

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

Date Published: November 2016 (Updated 1/3/2018)

Supersedes: SP 800-160 (11/14/2016)

Author(s)

Ron Ross (NIST), Michael McEvilley (MITRE), Janet Oren (Legg Mason)

Abstract

Keywords

assurance; developmental engineering; disposal; engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resiliency; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system-of-systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; verification
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Program Management; Risk Assessment; Assessment, Authorization and Monitoring; System and Communications Protection; System and Information Integrity; System and Services Acquisition

Documentation

Publication:
SP 800-160 (DOI)
Local Download

Supplemental Material:
"Rethinking Cybersecurity from the Inside Out" (blog post) (other)

Document History:
01/03/18: SP 800-160

Topics

Security and Privacy
planning; risk assessment; systems security engineering

Laws and Regulations
E-Government Act