The National Institute of Standards and Technology has released draft guidance on how government and private-sector system engineers should incorporate security into critical infrastructures, Nextgov reported Tuesday.
Aliya Sternstein writes that the technical document outlines an 11-step process meant to help information technology professionals identify security requirements and manage a system throughout its life cycle.
“The goal here is to reduce the number of vulnerabilities in the system,” said Ron Ross, a NIST fellow and guidance co-author, according to Nextgov.
Nextgov reports that the publication follows NIST’s release earlier this year of a voluntary framework for mitigating critical infrastructure IT risks.
“The systems engineering guidelines can be used at various points in that framework lifecycle to help build stronger software so it is well protected,” Ross added, according to Sternstein’s article.
NIST’s new security guidance contains an appendix explaining how to integrate systems security engineering parameters into defense acquisition programs, Nextgov reports.