Emerging Tech

NIST sets out secure systems engineering framework in final draft SP 800-160 guidance

The agency hopes the guidance will form the basis of educational and training programs.

June 7, 2022

(NIST photo)

The National Institutes of Standards and Technology has published a final version of new guidance on engineering trustworthy secure systems, which it says will provide engineers across government and private enterprise to with essential design principles.

The document sets out specifics definitions for cybersecurity leaders to follow as they implement strategies to protect their organizations, including what constitutes an adequately secure system, what constitutes loss and loss control, and what make up digital asset management.

NIST is seeking comments from industry on the final draft.

According to NIST, the new guidance clarifies terminology used in previous versions and improves references to international standards.

NIST’s new guidance comes amid calls from federal agency leaders and private industry for clearer definition of cybersecurity standards. Department of Defense CIO for cybersecurity Michele Iversen earlier this year warned that the agency’s framework for improving critical infrastructure cybersecurity is not always comprehensive enough to cover the many use cases that arise.

The new guidance took NIST at least five months to develop and follows several previous versions of the document. NIST hopes the guidance will form the basis of educational and training programs including professional certifications.

Revisions place renewed emphasis on systems security engineering (SSE) as a critical subdiscipline in ensuring trustworthy systems.

“This perspective treats security as an emergent property of a system,” reads the guidance. “It requires a disciplined, rigorous engineering process to deliver the security capabilities necessary to protect stakeholders’ assets from loss while achieving mission and business success.”

Stakeholders continually address cost, schedule and performance issues throughout system development, and the perspective can be applied to securing any system.

The guidance includes streamlined design principles for engineering trustworthy secure systems, simplified system life cycle processes and security considerations, clarified SSE terminology, and additional references to international standards and technical guidance.

Editor’s note: This story was updated to clarify that the document is a final draft of the new guidance.

NIST sets out secure systems engineering framework in final draft SP 800-160 guidance

More Like This

Bipartisan House bill calls on DHS to leverage AI for border security

U.S. is leading the way in R&D, but tech workforce development is still a concern for federal officials

Cybersecurity executive order requirements are nearly complete, GAO says

Top Stories

Generative AI could raise questions for federal records laws

White House hopeful ‘more maturity’ of data collection will improve AI inventories

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

State Department encouraging workers to use ChatGPT

Federal CIO calls on Congress to fund Technology Modernization Fund

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

More Scoops

NSF, NIST appropriations cuts met with disappointment as Biden seeks increases

Updated NIST cybersecurity framework adds core function, focuses on supply chain risk management

Bipartisan Senate proposal calls for AI workforce framework from NIST

New legislation would give NIST drone cybersecurity responsibilities

IRS changes public password policies to match NIST guidance

Proactive approach from White House, NIST needed for facial recognition technology, report says

Labor Department CISO ‘somewhat disappointed’ by lack of appropriations to fund cyber modernization efforts

Latest Podcasts

NIST sets out secure systems engineering framework in final draft SP 800-160 guidance

Los Angeles CIO discusses how AI and cloud technologies transform urban public services

GSA wants to be the leader in federal generative AI

AI Week 2024 has Come and Gone

Tech

Defense

Cyber

Acquisition