U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Guide to Auditing for Controls and Security: A System Development Life Cycle Approach

Published

Author(s)

Zella G. Ruthberg, Bonnie T. Fisher, William E. Perry, John W. Lainhart, James G. Cox, Mark Gillen, Douglas B. Hunt

Abstract

This guide addresses auditing the system development life cycle (SDLC) process for an automated information system (AIS), to ensure that controls and security are designed and built into the system. The guide also presents a process for deciding which system to audit among an organization's universe of systems. It is directed toward mid-level ADP auditors having a minimum of two years experience in ADP auditing, but can also be used by security reviewers, quality assurance personnel, and as a training tool for less experienced ADP auditors. ADP managers and system developers will also find it useful guidance on security and control issues. The guide is designed to provide audit/review programs for each major phase of the SDLC process and assumes a large sensitive system. The reader is expected to make appropriate modifications for small less sensitive systems. The guide represents the results of the past four years of activities by the Electronic Data Processing (EDP) Systems Review and Security Work Group of the Computer Security Project within the President's Council on Integrity and Efficiency (PCIE).
Citation
Special Publication (NIST SP) - 500-153
Report Number
500-153
NIST Pub Series
Special Publication (NIST SP)
Pub Type
NIST Pubs

Download Paper

DOI Link

Keywords

audit, computer security, SDLC, system development life cycle
Information technology and Cybersecurity

Citation

Ruthberg, Z. , Fisher, B. , Perry, W. , Lainhart, J. , Cox, J. , Gillen, M. and Hunt, D. (1988), Guide to Auditing for Controls and Security: A System Development Life Cycle Approach, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NBS.SP.500-153 (Accessed May 4, 2024)

Created April 1, 1988, Updated November 10, 2018