NIST SP 800-27 Rev A, 2004

NIST SP 800-27 Rev A: Engineering Principles for Information Technology Security - A Baseline for Achieving Security

Type

NIST Special Publication

Year

2004

Authors

Stoneburner, G., Hayden, C., Feringa, A.

Identifiers

  • Report #: NIST SP 800-27 Rev A

Status

Withdrawn on November 15, 2017. Superseded by SP 800-160

 

Abstract

The Engineering Principles for Information Technology (IT) Security (EP-ITS) presents a list of system-level security principles to be considered in the design, development, and operation of an information system. This document is to be used by IT security stakeholders and the principles introduced can be applied to general support systems and major applications. EP-ITS presents principles that apply to all systems, not ones tied to specific technology areas. These principles provide a foundation upon which a more consistent and structured approach to the design, development, and implementation of IT security capabilities can be constructed. While the primary focus of these principles remains on the implementation of technical countermeasures, these principles highlight the fact that, to be effective, a system security design should also consider non-technical issues, such as policy, operational procedures, and user education.

(NIST, accessed 6 March 2021)

Links

Citation

Stoneburner, G., Hayden, C., Feringa, A., 2004. NIST SP 800-27 (Revision A): Engineering Principles for Information Technology Security (A Baseline for Achieving Security). NIST.


Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.


This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.