NIST has released a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems. This final publication offers significant content and design changes that include a renewed emphasis on the importance of systems engineering and viewing systems security engineering as a critical subdiscipline necessary to achieving trustworthy secure systems. This perspective treats security as an emergent property of a system. It requires a disciplined, rigorous engineering process to deliver the security capabilities necessary to protect stakeholders’ assets from loss while achieving mission and business success.
Bringing security out of its traditional stovepipe and viewing it as an emergent system property helps to ensure that only authorized system behaviors and outcomes occur, much like the engineering processes that address safety, reliability, availability, and maintainability in building spacecraft, airplanes, and bridges. Treating security as a subdiscipline of systems engineering facilitates comprehensive trade space decision-making as stakeholders continually address cost, schedule, and performance issues, as well as the uncertainties associated with system development efforts.
In particular, the final publication: