Forum: NIST SP 800-160 Draft

NIST SP800-160 defines Systems Security Engineering (SSE) as a specialty
discipline of systems engineering and advocates for complete integration
of SSE into every systems engineering activity conducted regardless of
where and when in the system life cycle it is conducted. Systems
security engineering draws on well-established security principles,
concepts, and techniques to leverage, adapt, and supplement the relevant
principles and practices of systems engineering—thus enabling delivery
of trustworthy, resilient systems that satisfy stakeholder requirements
and enforce the organizational security policies within the constraints
and risk tolerance defined by the stakeholders.

NIST SP800-160 has the objectives: (i) to provide a comprehensive
statement of the systems security engineering discipline; (ii) to foster
a common mindset to deliver security for any system; (iii) to advance
the field of systems security engineering so that it can be applied and
studied; (iv) to demonstrate how systems security engineering processes
can be effectively integrated into systems engineering processes; and
(v) to serve as a basis for the development of educational and training
programs, including the development of individual certifications and
other professional assessment criteria.

This session will provide a status report on the new NIST systems
security engineering publication that will be unveiled in 2016.