Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Engineering Principles for IT Security (A Baseline for Achieving Security), Revision A



G Stoneburner, Clark Hayden, Alexis Feringa


The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. This document is to be used by IT security stakeholders and the principles introduced can be applied to general support systems and major applications. EP-ITS presents principles that apply to all systems, not ones tied to specific technology areas. These principles provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of IT security capabilities can be constructed. While the primary focus of these principles remains on the implementation of technical countermeasures, these principles highlight the fact that, to be effective, a system security design should also consider non-technical issues, such as policy, operational procedures, and user education. [Supersedes SP 800-27 (June 2001):]
Special Publication (NIST SP) - 800-27 Rev A
Report Number
800-27 Rev A


computer security, engineering principles, IT security, security baseline


Stoneburner, G. , Hayden, C. and Feringa, A. (2004), Engineering Principles for IT Security (A Baseline for Achieving Security), Revision A, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 30, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created June 21, 2004, Updated February 19, 2017