Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Security (IS) in the System Development Life Cycle (SDLC)

Published

Author(s)

Ae-kyoung Lee, Tanya L. Brewer

Abstract

Many system development life cycle (SDLC) models exist that can be used by an organization to effectively develop an information system. Security should be incorporated into all phases, from initiation to disposition, of an SDLC model. This Bulletin lays out a general SDLC that includes five phases. Each of the five phases includes a minimum set of information security tasks needed to effectively incorporate security into a system during its development. It illustrates the information security tasks applicable to each SDLC phase and the relevant references.
Citation
Electronic Publication

Keywords

information security, system development lifecycle, system life cycle security

Citation

Lee, A. and Brewer, T. (2004), Information Security (IS) in the System Development Life Cycle (SDLC), Electronic Publication, [online], http://csrc.nist.gov/groups/SMA/sdlc/index.html (Accessed October 7, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 31, 2004, Updated October 12, 2021
Was this page helpful?