U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

SP 800-160 Vol. 1 Rev. 1 (Draft)

Engineering Trustworthy Secure Systems

Date Published: January 11, 2022
Comments Due: February 25, 2022
Email Comments to: security-engineering@nist.gov

Author(s)

Ron Ross (NIST), Michael McEvilley (MITRE), Mark Winstead (MITRE)

Announcement

NIST is releasing the draft of a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems. This publication is intended to serve as a reference and educational resource for engineers and engineering specialties, architects, designers, and personnel involved in the development of trustworthy secure systems and system components. The guidance can be applied selectively by organizations, individuals, or engineering teams to improve the security and trustworthiness of systems and system components.

In particular, Draft SP 800-160 Volume 1, Revision 1 focuses on the following strategic objectives, which drove the majority of changes to the publication:

  • More strongly positioning Systems Security Engineering (SSE) as a sub-discipline of Systems Engineering (SE)
  • Emphasizing that the responsibility for engineering trustworthy secure systems is not limited to security specialties and that the achievement of security outcomes must properly align with SE outcomes
  • Aligning SSE practices with safety practices and other disciplines that deal with the loss of assets and the consequences of asset loss
  • Focusing on the assurance of the correctness and effectiveness of the system’s security capability to achieve authorized and intended behaviors and outcomes and control adverse effects and loss
  • More closely aligning systems security engineering work to international standards

NIST is interested in your feedback on the specific changes made to the publication during this update, including the organization and structure of the publication, the presentation of the material, its ease of use, and the applicability of the technical content to current or planned systems engineering initiatives.

We encourage you to submit comments using the comment template provided.

NOTE: A call for patent claims is included on page vi of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

assurance; developmental engineering; disposal; engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resilience; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system of systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; verification
Control Families

None selected

Documentation

Publication:
SP 800-160 Vol. 1 Rev. 1 (Draft) (DOI)
Local Download

Supplemental Material:
Comment template (xls)
Systems Security Engineering (SSE) Project (web)

Document History:
01/11/22: SP 800-160 Vol. 1 Rev. 1 (Draft)

Topics

Security and Privacy
planning; risk assessment; trustworthiness

Laws and Regulations
E-Government Act