Guidelines for Security of Computer Applications

Published

Author(s)

Institute for Computer Sciences and Technology National Bureau of Standards

Abstract

[Withdrawn February 8, 2005] Security decisions should be an integral part of the entire planning, development, and operation of a computer application. This guideline describes the technical and managerial decisions that should be made in order to assure that adequate controls are included in new and existing computer applications to protect them from natural and human-made hazards and to assure that critical functions are performed correctly and with no harmful side effects. The multifaceted nature of computer security is described, and differences in security objectives, sensitivity levels, and vulnerabilities that must be considered are identified. Fundamental security controls such as data validation, user identity verification, authorization, journalling, variance detection, and encryption are discussed as well as security-related decisions that should be made at each stage in the life cycle of a computer application. These include questions about security feasibility and risk assessment that should be asked during initial planning, decisions that should be made during the design, programming and testing phases, controls that should be enforced during the development process, and security provisions that should be enforced during the day-to-day operation of the system.
Citation
Federal Inf. Process. Stds. (NIST FIPS) - 73
Report Number
73

Keywords

ADP availability, ADP security, application system security: computer applications, computer reliability, computer security, data confidentiality, data integrity, data security, Federal Information Processing Standards Publication, security controls, system life cycle, system security

Citation

Computer, I. (1980), Guidelines for Security of Computer Applications, Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD (Accessed April 17, 2024)
Created June 30, 1980, Updated February 19, 2017