stoomart
Looks like a lot of good stuff, I know what I’m doing this weekend!
Summary document on SP 800-160: http://csrc.nist.gov/publications/nistbul/itlbul2016_12.pdf
SP 800-160, Systems Security Engineering: http://dx.doi.org/10.6028/NIST.SP.800-160
After four years of research and development, NIST has published a groundbreaking new security guideline, Special Publication (SP) 800-160, Systems Security Engineering. The publication draws from proven system engineering processes to address the longstanding problem of how to build trustworthy, secure systems—systems that can provide continuity of capabilities, functions, services, and operations during a wide range of disruptions, threats, and other hazards.
...
As technology becomes further integrated into the systems that our governments, businesses, critical infrastructure, and citizens depend upon, it is critical that we make progress on improving the reliability of products and services. We must create more trustworthy, secure systems through a holistic approach, applying the proven concepts, principles, and best practices of science and engineering. NIST SP 800-160 is the first step toward securing the things that matter to us. It is the flagship publication in a series of planned systems security engineering publications addressing such topics as hardware security and assurance; software security and assurance; and systems resiliency. Each topic will be addressed in the context of the system life cycle processes contained in ISO/IEC/IEEE 15288 and the security-related activities and tasks that are described in NIST SP 800-160.
Target Audience
• Individuals with systems engineering, architecture, design, development, and integration responsibilities;
• Individuals with software engineering, architecture, design, development, integration, and software maintenance responsibilities;
• Individuals with security governance, risk management, and oversight responsibilities;
• Individuals with independent security verification, validation, testing, evaluation, auditing, assessment, inspection, and monitoring responsibilities;
• Individuals with system security administration, operations, maintenance, sustainment, logistics, and support responsibilities;
• Individuals with acquisition, budgeting, and project management responsibilities;
• Providers of technology products, systems, or services; and
• Academic institutions offering systems security engineering and related programs.