Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guidelines for Security of Computer Applications



Institute for Computer Sciences and Technology National Bureau of Standards


[Withdrawn February 8, 2005] Security decisions should be an integral part of the entire planning, development, and operation of a computer application. This guideline describes the technical and managerial decisions that should be made in order to assure that adequate controls are included in new and existing computer applications to protect them from natural and human-made hazards and to assure that critical functions are performed correctly and with no harmful side effects. The multifaceted nature of computer security is described, and differences in security objectives, sensitivity levels, and vulnerabilities that must be considered are identified. Fundamental security controls such as data validation, user identity verification, authorization, journalling, variance detection, and encryption are discussed as well as security-related decisions that should be made at each stage in the life cycle of a computer application. These include questions about security feasibility and risk assessment that should be asked during initial planning, decisions that should be made during the design, programming and testing phases, controls that should be enforced during the development process, and security provisions that should be enforced during the day-to-day operation of the system.
Federal Inf. Process. Stds. (NIST FIPS) - 73
Report Number


ADP availability, ADP security, application system security: computer applications, computer reliability, computer security, data confidentiality, data integrity, data security, Federal Information Processing Standards Publication, security controls, system life cycle, system security


Computer, I. (1980), Guidelines for Security of Computer Applications, Federal Inf. Process. Stds. (NIST FIPS), National Institute of Standards and Technology, Gaithersburg, MD (Accessed April 12, 2024)
Created June 30, 1980, Updated February 19, 2017