Security considerations in the information system development life cycle

Title
Security considerations in the information system development life cycle / T. Grance, J. Hash, M. Stevens.
Author
Grance, T.
Publication
Gaithersburg, MD : U.S. Dept. of Commerce, National Institute of Standards and Technology, 2003.

Available Online

https://purl.fdlp.gov/GPO/gpo97417

Details

Additional Authors
  • Hash, J.
  • Stevens, M.
  • National Institute of Standards and Technology (U.S.). Computer Security Division.
Description
1 online resource.
Summary
The need to provide protection for federal information systems has been present since computers were first used. Including security early in the acquisition process for an information system will usually result in less expensive and more effective security than adding it to an operational system once it has entered service. This guide presents a framework for incorporating security into all phases of the information system development life cycle (SDLC) process, from initiation to disposal. This document is a guide to help organizations select and acquire cost-effective security controls by explaining how to include information system security requirements in the SDLC. Five phases of a general SDLC are discussed in this guide and include the following phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition. Each of these five phases includes a minimum set of security steps needed to effectively incorporate security into a system during its development. An organization will either use the general SDLC described in this document or will have developed a tailored SDLC that meets their specific needs. In either case, NIST recommends that organizations incorporate the associated IT security steps of this general SDLC into their own development process.
Series Statement
NIST special publication ; 800-64
Uniform Title
NIST special publication ; 800-64.
Subject
  • Acquisition
  • Computer security
  • Life cycle
  • Procurement
  • Request for proposal
  • Requirement
  • Software Development Life Cycle (SDLC)
  • Specification
  • Statement of work
Note
  • 2003.
  • Contributed record: Metadata reviewed, not verified. Some fields updated by batch processes.
  • Superseded by NIST Special Publication 800-64r1.
  • Title from PDF title page.
Bibliography (note)
  • Includes bibliographical references.
Call Number
GPO Internet C 13.10:800-64
LCCN
GOVPUB-C13-41396cfef51bfa73496026b36b1ec1c7
OCLC
marcive927736143
Type of Content
text
Type of Medium
computer
Type of Carrier
online resource
Other Standard Identifier
GOVPUB-C13-41396cfef51bfa73496026b36b1ec1c7
Gpo Item No.
0247 (online)
Sudoc No.
C 13.10:800-64