Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Engineering Principles for Information Technology Security (A Baseline for Achieving Security)

Published

Author(s)

G Stoneburner, Clark Hayden, Alexis Feringa

Abstract

[Superseded by SP 800-27 Revision A (June 2004): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=151294] The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. Ideally, the principles presented here would be used from the onset of a program--at the beginning of, or during the design phase--and then employed throughout the system's life-cycle. However, these principles are also helpful in affirming and confirming the security posture of already deployed information systems. The principles are short and concise and can be used by organizations to develop their system life-cycle policies.
Citation
Special Publication (NIST SP) - 800-27
Report Number
800-27

Keywords

computer security, engineering principles, IT security, security baseline

Citation

Stoneburner, G. , Hayden, C. and Feringa, A. (2001), Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD (Accessed December 11, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created June 15, 2001, Updated February 19, 2017