Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 800-64 Rev. 2

Security Considerations in the System Development Life Cycle

Date Published: October 2008

Supersedes: SP 800-64 Rev. 1 (06/16/2004)

Planning Note (05/31/2019):

This withdrawn publication includes content that is out of date. It is provided here for historical reference.

Readers should refer to NIST SP 800-160 Volume 1 for current information about system life cycle processes and systems security engineering. NIST intends to develop a white paper that describes how the Risk Management Framework (SP 800-37 Rev. 2) relates to system development life cycle processes and stages.


Richard Kissel (NIST), Kevin Stine (NIST), Matthew Scholl (NIST), Hart Rossman (SAIC), Jim Fahlsing (SAIC), Jessica Gulick (SAIC)



Cyber Security; FISMA; SDLC; Computer Security; System Development
Control Families

Planning; System and Services Acquisition


Download URL

Supplemental Material:
None available

Related NIST Publications:
SP 800-160 Vol. 1
ITL Bulletin

Document History:
10/16/08: SP 800-64 Rev. 2 (Final)


Security and Privacy

general security & privacy

Laws and Regulations

OMB Circular A-130