Scheduled maintenance will take place between 6:00 PM ET and 7:00 PM ET on March 10th, 2026. During that time, this site may be temporarily unavailable for a period of approximately two minutes.
Publications
Withdrawn on
November 15, 2017.
Superseded by
SP 800-160
Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A
Documentation
Topics
Date Published: June 2004
Supersedes:
SP 800-27 (06/15/2001)
Author(s)
Gary Stoneburner (NIST), Clark Hayden (BAH), Alexis Feringa (BAH)
The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. This document is to be used by IT security stakeholders and the principles introduced can be applied to general support systems and major applications. EP-ITS presents principles that apply to all systems, not ones tied to specific technology areas. These principles provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of IT security capabilities can be constructed. While the primary focus of these principles remains on the implementation of technical countermeasures, these principles highlight the fact that, to be effective, a system security design should also consider non-technical issues, such as policy, operational procedures, and user education.
The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. This document is to be used by IT security stakeholders and the principles introduced...
See full abstract
The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. This document is to be used by IT security stakeholders and the principles introduced can be applied to general support systems and major applications. EP-ITS presents principles that apply to all systems, not ones tied to specific technology areas. These principles provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of IT security capabilities can be constructed. While the primary focus of these principles remains on the implementation of technical countermeasures, these principles highlight the fact that, to be effective, a system security design should also consider non-technical issues, such as policy, operational procedures, and user education.
Hide full abstract
Keywords
engineering principles; IT security; Computer security; security baseline
Control Families
Planning; System and Services Acquisition
