Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

SP 800-160 Vol. 1

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

Date Published: November 2016 (updated 3/21/2018)

Planning Note (7/14/2020): A supplement to Appendix D is now available.

Supersedes: SP 800-160 (01/03/2018)

Author(s)

Ron Ross (NIST), Michael McEvilley (MITRE), Janet Oren (Legg Mason)

Abstract

Keywords

engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resiliency; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system-of-systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; verification; assurance; disposal; developmental engineering
Control Families

Access Control; Audit and Accountability; Awareness and Training; Configuration Management; Contingency Planning; Identification and Authentication; Incident Response; Maintenance; Media Protection; Personnel Security; Physical and Environmental Protection; Planning; Program Management; Risk Assessment; Security Assessment and Authorization; System and Communications Protection; System and Information Integrity; System and Services Acquisition

Documentation

Publication:
SP 800-160 Vol. 1 (DOI)
Local Download

Supplemental Material:
Appendix D Supplement (xls)
"Rethinking Cybersecurity from the Inside Out" (blog post) (other)

Other Parts of this Publication:
SP 800-160 Vol. 2

Document History:
03/21/18: SP 800-160 Vol. 1 (Final)

Topics

Security and Privacy
planning; risk assessment; trustworthiness

Laws and Regulations
E-Government Act