Pulse

By GCN Staff

Blog archive

NIST to help IT developers build in security

The National Institutes of Standards and Technology has launched an effort to develop guidelines for building security into IT systems from the beginning instead of at the end of the IT development process.

NIST, which is asking for public comment on initial guidelines for the project, said it wanted to bring in “widely recognized systems and software engineering principles to bear on the problem of information system security from the beginning … rather than trying to tack it on at the end.”

"We need to have the same confidence in the trustworthiness of our IT products and systems that we have in the bridges we drive across or the airplanes we fly in," said Ron Ross, a NIST Fellow.

The guidelines represent an effort to bring the principles of building reliable physical structures to software engineering design, according to NIST.

“Systems security engineering processes, supported by the fields of mathematics, computer science and systems/software engineering, can provide the discipline and structure needed to produce IT components and systems that enjoy the same level of trust and confidence,” according  to NIST.

NIST has released the first set of those guidelines for public comment in a new draft document, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems.

The current draft -- and the first stage of the planned process -- describes the fundamentals of systems security engineering and covers 11 core technical processes in systems and software development.

Later public drafts will add material supporting principles of security, trustworthiness and system resilience; use case scenarios; and important nontechnical processes such as risk management and quality control procedures.

NIST asked for comments on the draft by July 11, 2014, which should be sent to sec-cert@nist.gov. NIST expects to publish the final, complete version of the engineering guidelines by December 2014.

Posted by GCN Staff on May 27, 2014 at 8:31 AM


Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.