Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-160 Vol. 1

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

Date Published: November 2016 (updated 3/21/2018)

Supersedes: SP 800-160 (01/03/2018)


Ron Ross (NIST), Michael McEvilley (MITRE), Janet Oren (Legg Mason)



disposal; engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resiliency; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system-of-systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; verification; developmental engineering; assurance
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Program Management; Risk Assessment; Security Assessment and Authorization; System and Communications Protection; System and Information Integrity; System and Services Acquisition;


SP 800-160 Vol. 1 (DOI)
Local Download

Supplemental Material:
"Rethinking Cybersecurity from the Inside Out" (blog post) (other)

Other Parts of this Publication:
SP 800-160 Vol. 2


Security and Privacy
planning; risk assessment; trustworthiness

Laws and Regulations
E-Government Act