This ITL Bulletin summarizes NIST Special Publication 800-64, Security Considerations in the Information System Development Life Cycle.
That guide presents a framework for incorporating security into all phases of the information system development life cycle (SDLC) process, from initiation to disposal. It is intended to help organizations select and acquire cost-effective security controls by explaining how to include information system security requirements in the SDLC. A general SDLC includes the following five phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition. Each includes a minimum set of security steps needed to effectively incorporate security into a system during its development. An organization will either use the general SDLC described in this document or will have developed a tailored SDLC that meets its specific needs. In either case, NIST recommends that organizations incorporate the associated IT security steps of this general SDLC into their own development process.
Keywords
information system security; SDLC; security controls; System Development Life Cycle