Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Security in the System Development Life Cycle



Annabelle Lee, Tanya L. Brewer


Many system development life cycle (SDLC) models exist that can be used by an organization to effectively develop an information system. Security should be incorporated into all phases, from initiation to disposition, of an SDLC model. This Bulletin lays out a general SDLC that includes five phases. Each of the five phases includes a minimum set of information security tasks needed to effectively incorporate security into a system during its development. It illustrates the information security tasks applicable to each SDLC phase and the relevant references.
ITL Bulletin -


information systems security, SDLC, System Development Life Cycle


Lee, A. and Brewer, T. (2004), Information Security in the System Development Life Cycle, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 15, 2024)
Created September 1, 2004, Updated February 19, 2017