NIST is releasing the final public draft of a major revision
to Special
Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems.
This final public draft offers significant content and design changes that
include a renewed emphasis on the importance of systems engineering and viewing
systems security engineering as a critical subdiscipline necessary to achieving
trustworthy secure systems. This perspective treats security as an emergent
property of a system. It requires a disciplined, rigorous engineering process
to deliver the security capabilities necessary to protect stakeholders’ assets
from loss while achieving mission and business success.
Bringing security out of its traditional stovepipe and viewing it
as an emergent system property helps to ensure that only authorized system
behaviors and outcomes occur, much like the engineering processes that address
safety, reliability, availability, and maintainability in building spacecraft,
airplanes, and bridges. Treating security as a subdiscipline of systems
engineering also facilitates making comprehensive trade space decisions as
stakeholders continually address cost, schedule, and performance issues, as
well as the uncertainties associated with system development efforts.
In particular, this final public draft:
- Provides a renewed focus on the
design principles and concepts for engineering trustworthy secure systems,
distributing the content across several redesigned initial chapters - Relocates the detailed system
life cycle processes and security considerations to separate appendices
for ease of use - Streamlines the design
principles for trustworthy secure systems by eliminating two previous
design principle categories - Includes a new introduction to
the system life cycle processes and describes key relationships among
those processes - Clarifies key systems
engineering and systems security engineering terminology - Simplifies the structure of the
system life cycle processes, activities, tasks, and references - Provides additional references
to international standards and technical guidance to better support the
security aspects of the systems engineering process
NIST is interested in your feedback on the specific changes made
to the publication during this update, including the organization and structure
of the publication, the presentation of the material, its ease of use, and the
applicability of the technical content to current or planned systems
engineering initiatives.
The public comment period is open through July 8, 2022. See
the publication details for instructions on submitting
comments, including a template for preparing comments.
NOTE: A call for patent claims is included on page v of this
draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy–Inclusion of
Patents in ITL Publications.