Publication Citation: Security Considerations in the System Development Life Cycle

Author(s): Richard L. Kissel; Kevin M. Stine; Matthew A. Scholl; Hart Rossman; J Fahlsing; Jessica Gulick
Title: Security Considerations in the System Development Life Cycle
Published: October 16, 2008
Abstract: The purpose of this guideline is to assist agencies in building security into their IT development processes. This should result in more cost-effective, risk-appropriate security control identification, development, and testing. This guide focuses on the information security components of the System Development Life Cycle (SDLC). Overall system implementation and development is considered outside the scope of this document. Also considered outside scope is an organization's information system governance process. The guideline describes the key security roles and responsibilities that are needed in development of most information systems. Sufficient information about the SDLC is provided to allow a person who is unfamiliar with the SDLC process to understand the relationship between information security and the SDLC. [Supersedes SP 800-64 Rev. 1 (June 2004): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151285]
Citation: Special Publication (NIST SP) - 800-64 Rev 2
Pages: 67 pp.
Keywords: Computer Security, Cyber Security, FISMA, SDLC, System Development Life Cycle
Research Areas: Computer Security, Cybersecurity, System Development Lifecycle (SDLC), Information Technology
DOI: http://dx.doi.org/10.6028/NIST.SP.800-64r2