Ross, R.
, McEvilley, M.
and Oren, J.
(2016),
Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=922194
(Accessed October 28, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems
Published
Author(s)
, Michael McEvilley, Janet C. Oren
Abstract
[Superseded by NIST SP 800-160 (November 2016, including updates as of 01-03-2016)] With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to the long-term economic and national security interests of the United States. Engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today's systems, as exemplified by cyber-physical systems and systems-of- systems, including the Internet of Things. This publication addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems, inclusive of the machine, physical, and human components that compose the systems and the capabilities and services delivered by those systems. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronics Engineers (IEEE) and infuses systems security engineering methods, practices, and techniques into those systems and software engineering activities. The objective is to address security issues from a stakeholder protection needs, concerns, and requirements perspective and to use established engineering processes to ensure that such needs, concerns, and requirements are addressed with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system.Citation
Special Publication (NIST SP) - 800-160
Report Number
800-160
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
assurance, developmental engineering, disposal, engineering trades, field engineering, implementation, information security, information security policy, inspection, integration, penetration testing, protection needs, requirements analysis, resiliency, review, risk assessment, risk management, risk treatment, security architecture, security authorization, security design, security requirements, specifications, stakeholder, system-of-systems, system component, system element, system life cycle, systems, systems engineering, systems security engineering, trustworthiness, validation, verification.
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created November 14, 2016, Updated January 27, 2020