NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Security Considerations in the System Development Life Cycle

Published

Author(s)

Richard L. Kissel, Kevin M. Stine, Matthew A. Scholl, Hart Rossman, J Fahlsing, Jessica Gulick

Abstract

The purpose of this guideline is to assist agencies in building security into their IT development processes. This should result in more cost-effective, risk-appropriate security control identification, development, and testing. This guide focuses on the information security components of the System Development Life Cycle (SDLC). Overall system implementation and development is considered outside the scope of this document. Also considered outside scope is an organization’s information system governance process. The guideline describes the key security roles and responsibilities that are needed in development of most information systems. Sufficient information about the SDLC is provided to allow a person who is unfamiliar with the SDLC process to understand the relationship between information security and the SDLC. [Supersedes SP 800-64 Rev. 1 (June 2004): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151285]
Citation
Special Publication (NIST SP) - 800-64 Rev 2
Report Number
800-64 Rev 2
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs
Supercedes Publication
Security Considerations in the Information System Development Life Cycle

Download Paper

DOI Link

Keywords

Computer Security, Cyber Security, FISMA, SDLC, System Development Life Cycle
Information technology and Cybersecurity and privacy

Citation

Kissel, R. , Stine, K. , Scholl, M. , Rossman, H. , Fahlsing, J. and Gulick, J. (2008), Security Considerations in the System Development Life Cycle, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.800-64r2 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created October 16, 2008, Updated November 10, 2018
Was this page helpful?