The National Institute of Standards and Technology has released the first of four guideline documents meant to adapt widely used systems and software engineering standards to the specific needs of security engineering.
NIST said the engineering-driven guidelines are meant to be broadly applicable, including for small and large systems in the public sector.
The current draft – Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems – covers systems security engineering fundamentals, elements and concepts, featuring 11 core technical processes in systems and software development.
Later public drafts will add material on principles of security, trustworthiness and system resilience, use-case scenarios, and important nontechnical processes such as risk management and quality control procedures, says NIST.
The draft is here: http://csrc.nist.gov/publications/PubsDrafts.html#800-160