Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-160 Vol. 1 Rev. 1 (Initial Public Draft)

Engineering Trustworthy Secure Systems

Date Published: January 11, 2022
Comments Due: February 25, 2022 (public comment period is CLOSED)
Email Questions to:


Ron Ross (NIST), Michael McEvilley (MITRE), Mark Winstead (MITRE)


NIST is releasing the draft of a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems. This publication is intended to serve as a reference and educational resource for engineers and engineering specialties, architects, designers, and personnel involved in the development of trustworthy secure systems and system components. The guidance can be applied selectively by organizations, individuals, or engineering teams to improve the security and trustworthiness of systems and system components.

In particular, Draft SP 800-160 Volume 1, Revision 1 focuses on the following strategic objectives, which drove the majority of changes to the publication:

  • More strongly positioning Systems Security Engineering (SSE) as a sub-discipline of Systems Engineering (SE)
  • Emphasizing that the responsibility for engineering trustworthy secure systems is not limited to security specialties and that the achievement of security outcomes must properly align with SE outcomes
  • Aligning SSE practices with safety practices and other disciplines that deal with the loss of assets and the consequences of asset loss
  • Focusing on the assurance of the correctness and effectiveness of the system’s security capability to achieve authorized and intended behaviors and outcomes and control adverse effects and loss
  • More closely aligning systems security engineering work to international standards

NIST is interested in your feedback on the specific changes made to the publication during this update, including the organization and structure of the publication, the presentation of the material, its ease of use, and the applicability of the technical content to current or planned systems engineering initiatives.

We encourage you to submit comments using the comment template provided.

NOTE: A call for patent claims is included on page vi of this draft.  For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.



assurance; developmental engineering; disposal; engineering trades; field engineering; implementation; information security; information security policy; inspection; integration; penetration testing; protection needs; requirements analysis; resilience; review; risk assessment; risk management; risk treatment; security architecture; security authorization; security design; security requirements; specifications; stakeholder; system of systems; system component; system element; system life cycle; systems; systems engineering; systems security engineering; trustworthiness; validation; verification
Control Families

None selected


Security and Privacy

planning, risk assessment, trustworthiness

Laws and Regulations

E-Government Act