The Inner Circle

  • 1.  NIST Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems

    Posted Nov 16, 2022 11:59:00 AM
    Hi All,

    NIST has released a major revision to Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems. This final publication offers significant content and design changes that include a renewed emphasis on the importance of systems engineering and viewing systems security engineering as a critical subdiscipline necessary to achieving trustworthy secure systems. This perspective treats security as an emergent property of a system. It requires a disciplined, rigorous engineering process to deliver the security capabilities necessary to protect stakeholders' assets from loss while achieving mission and business success.

    Bringing security out of its traditional stovepipe and viewing it as an emergent system property helps to ensure that only authorized system behaviors and outcomes occur, much like the engineering processes that address safety, reliability, availability, and maintainability in building spacecraft, airplanes, and bridges. Treating security as a subdiscipline of systems engineering facilitates comprehensive trade space decision-making as stakeholders continually address cost, schedule, and performance issues, as well as the uncertainties associated with system development efforts.

    In particular, the final publication:
    • Provides a renewed focus on the design principles and concepts for engineering trustworthy secure systems, distributing the content across several redesigned initial chapters
    • Relocates the detailed system life cycle processes and security considerations to separate appendices for ease of use
    • Streamlines the design principles for trustworthy secure systems by eliminating two previous design principle categories
    • Includes a new introduction to the system life cycle processes and describes key relationships among those processes
    • Clarifies key systems engineering and systems security engineering terminology
    • Simplifies the structure of the system life cycle processes, activities, tasks, and references
    • Provides additional references to international standards and technical guidance to better support the security aspects of the systems engineering process

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------


  • 2.  RE: NIST Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems

    Posted Nov 17, 2022 07:44:00 AM
    Edited by Jonathan Flack Nov 17, 2022 09:11:52 AM
    It's amazing how we can put all this energy into Zero Trust initiatives, yet continue to inject this word into the guidance and standards.  This is a valuable document, but I'd love to see NIST adopt verbiage that doesn't reinforce this idea that trust has a place in digital systems.

    If there's one thing we can do here at CSA, it would be to ensure that the word 'trust' is as vilified as possible in any context related to digital systems.

    ------------------------------
    Jonathan Flack Managing Director, ACM, CNCF, CSA
    ------------------------------



  • 3.  RE: NIST Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems

    Posted Nov 17, 2022 08:19:00 AM
    Hi All,

    Note that the subject of my post is a bit off. It should say, "NIST Revises Special Publication (SP) 800-160 Volume 1, Engineering Trustworthy Secure Systems".

    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------