Ron Ross: NIST Proposes Infrastructure Security Engineering Guidelines

The National Institute of Standards and Technology has released draft guidance on how government and private-sector system engineers should incorporate security into critical infrastructures, Nextgov reported Tuesday.

Aliya Sternstein writes that the technical document outlines an 11-step process meant to help information technology professionals identify security requirements and manage a system throughout its life cycle.

“The goal here is reduce the number of vulnerabilities in the system,” said Ron Ross, a NIST fellow and guidance co-author, according to Nextgov.

Nextgov reports the publication follows NIST’s release of a voluntary framework for mitigating critical infrastructure IT risks earlier this year.

“The systems engineering guidelines can be used at various points in that framework lifecycle to help build stronger software so it is well protected,” Ross added, according to Sternstein’s article.

NIST’s new security guidance contains an appendix explaining how to integrate systems security engineering parameters into defense acquisition programs, Nextgov reports.
