04945oam 2200841 a 450 991069825720332120221226231936.0GOVPUB-C13-41396cfef51bfa73496026b36b1ec1c7(CKB)2430000000035606(CtWfDGI)bkg00010237(SSID)ssj0000477754(PQKBManifestationID)12131097(PQKBTitleCode)TC0000477754(PQKBWorkID)10513404(PQKB)22026930(OCoLC)70707645(OCoLC)927736143(EXLCZ)99243000000003560620060826d2004 ua 0engurzn||||||txtccrSecurity considerations in the information system development life cycle[electronic resource] recommendations of the National Institute of Standards and Technology /Tim Grance, Joan Hash, Marc Stevens ; Computer Security Division, Information Technology Laboratory, National Institute of Standards and TechnologyRev.Gaithersburg, Md. U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology[2004]Gaithersburg, MD :U.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology,[2004]1 volume (various pagings) digital, PDF fileNIST special publication ;800-64.Computer securityNIST special publication ;800-64 Rev. 1Title from title screen."June 2004."Includes bibliographical references.The need to provide protection for federal information systems has been present since computers were first used. Including security early in the acquisition process for an information system will usually result in less expensive and more effective security than adding it to an operational system once it has entered service. This guide presents a framework for incorporating security into all phases of the information system development life cycle (SDLC) process, from initiation to disposal. This document is a guide to help organizations select and acquire cost-effective security controls by explaining how to include information system security requirements in the SDLC.Five phases of a general SDLC are discussed in this guide and include the following phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition. Each of these five phases includes a minimum set of security steps needed to effectively incorporate security into a system during its development. An organization will either use the general SDLC described in this document or will have developed a tailored SDLC that meets their specific needs. In either case, NIST recommends that organizations incorporate the associated IT security steps of this general SDLC into their own development process.SECURITY CONSIDERATIONS IN THE INFORMATION SYSTEM DEVELOPMENT LIFE CYCLEInformation technologySecurity measuresUnited StatesComputer networksSecurity measuresUnited StatesComputer securityStandardsUnited StatesInformation technologyManagementFederal governmentComputer networksSecurity measuresUnited StatesAdministrative agenciesInformation technologySecurity measuresUnited StatesAdministrative agenciesUnited StatesInformation technologyManagementElectronic books.lcshAcquisitionComputer securityLife cycleProcurementRequest for proposalRequirementSoftware Development Life Cycle (SDLC)SpecificationStatement of workInformation technologySecurity measuresComputer networksSecurity measuresComputer securityStandardsInformation technologyManagement.Federal governmentComputer networksSecurity measuresAdministrative agenciesInformation technologySecurity measuresAdministrative agenciesInformation technologyManagement.005.8Grance Timothy1352387Hash JoanautStevens MarcautInformation Technology Laboratory (National Institute of Standards and Technology).Computer Security Division.National Institute of Standards and Technology (U.S.)Books24x7, Inc.CtWfDGICtWfDGIBOOK9910698257203321Security considerations in the information system development life cycle3174979UNINA