NIST Special Publication 800 -160 VOLUME 1 System s Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS MICHAEL McEVILLEY JANET CARRIER OREN This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800- 160v1 This publication contains systems securit y engineering considerations for ISO/IEC/IEEE 15288:2015 , Systems and software engineering — System life cycle processes . It provides security -related implementation guidance for the standard and should be used in conjunction with and as a complement to the standard. NIST Special Publication 800 -160 VOLUME 1 System s Security Engineering Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems RON ROSS Computer Security Division National Institute of Standards and Technology MICHAEL McEVILLEY The MITRE Corporation JANET CARRIER OREN Legg Mason This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800- 160v1 November 2016 INCLUDES UPDATES AS OF 03-21-2018 : PAGE XIII U.S. Department of Commerce Penny Pritzker, Secretary National Institute of Standards and Technology Willie May, Under Secretary of Commerce for Standards and Technology and Director SPECIAL PUBLICATION 800 -160, VOLUME 1 SYSTEMS SECURITY ENGINEERING A M ultidisciplinary Approach in the Engineering of Trustworthy Secure Systems ________________________________________________________________________________________________ PAGE i This publication is available free of charge from: http s://doi.org/10.6028/ NIST.SP.800 -160v1 Authority This publication has been developed by NIST to further its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials ex ercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce, Director of the OMB, or any other federa l official. This publication may be used by nongovernmental organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would, h