NIST just released the draft of a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems for Comment
This publication is intended to serve as a reference and educational resource for engineers and engineering specialties, architects, designers, and personnel involved in the development of trustworthy secure systems and system components. The guidance can be applied selectively by organizations, individuals, or engineering teams to improve the security and trustworthiness of systems and system components.
In particular, Draft SP 800-160 Volume 1, Revision 1 focuses on the following strategic objectives, which drove the majority of changes to the publication:
• More strongly positioning Systems Security Engineering (SSE) as a sub-discipline of Systems Engineering (SE)
• Emphasizing that the responsibility for engineering trustworthy secure systems is not limited to security specialties and that the achievement of security outcomes must properly align with SE outcomes
• Aligning SSE practices with safety practices and other disciplines that deal with the loss of assets and the consequences of asset loss
• Focusing on the assurance of the correctness and effectiveness of the system's security capability to achieve authorized and intended behaviors and outcomes and control adverse effects and loss
• More closely aligning systems security engineering work to international standards
NIST is interested in your feedback on the specific changes made to the publication during this update, including the organization and structure of the publication, the presentation of the material, its ease of use, and the applicability of the technical content to current or planned systems engineering initiatives.
A public comment period for this document is open through February 25, 2022. See the publication details for a copy of the draft publication and instructions for submitting comments using the comment template provided.
Michael Roza CPA, CISA, CIA, MBA, Exec MBA