LEADER 04945oam 2200841 a 450 001 9910698257203321 005 20221226231936.0 024 8 $aGOVPUB-C13-41396cfef51bfa73496026b36b1ec1c7 035 $a(CKB)2430000000035606 035 $a(CtWfDGI)bkg00010237 035 $a(SSID)ssj0000477754 035 $a(PQKBManifestationID)12131097 035 $a(PQKBTitleCode)TC0000477754 035 $a(PQKBWorkID)10513404 035 $a(PQKB)22026930 035 $a(OCoLC)70707645 035 $a(OCoLC)927736143 035 $a(EXLCZ)992430000000035606 100 $a20060826d2004 ua 0 101 0 $aeng 135 $aurzn|||||| 181 $ctxt 182 $cc 183 $acr 200 10$aSecurity considerations in the information system development life cycle$b[electronic resource] $erecommendations of the National Institute of Standards and Technology /$fTim Grance, Joan Hash, Marc Stevens ; Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology 205 $aRev. 210 $aGaithersburg, Md. $cU.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology$d[2004] 210 1$aGaithersburg, MD :$cU.S. Dept. of Commerce, Technology Administration, National Institute of Standards and Technology,$d[2004] 215 $a1 volume (various pagings) $cdigital, PDF file 225 1 $aNIST special publication ;$v800-64.$aComputer security 225 0$aNIST special publication ;$v800-64 Rev. 1 300 $aTitle from title screen. 300 $a"June 2004." 320 $aIncludes bibliographical references. 330 3 $aThe need to provide protection for federal information systems has been present since computers were first used. Including security early in the acquisition process for an information system will usually result in less expensive and more effective security than adding it to an operational system once it has entered service. This guide presents a framework for incorporating security into all phases of the information system development life cycle (SDLC) process, from initiation to disposal. This document is a guide to help organizations select and acquire cost-effective security controls by explaining how to include information system security requirements in the SDLC.Five phases of a general SDLC are discussed in this guide and include the following phases: initiation, acquisition/development, implementation, operations/maintenance, and disposition. Each of these five phases includes a minimum set of security steps needed to effectively incorporate security into a system during its development. An organization will either use the general SDLC described in this document or will have developed a tailored SDLC that meets their specific needs. In either case, NIST recommends that organizations incorporate the associated IT security steps of this general SDLC into their own development process. 531 $aSECURITY CONSIDERATIONS IN THE INFORMATION SYSTEM DEVELOPMENT LIFE CYCLE 606 $aInformation technology$xSecurity measures$zUnited States 606 $aComputer networks$xSecurity measures$zUnited States 606 $aComputer security$xStandards$zUnited States 606 $aInformation technology$xManagement 606 $aFederal government$xComputer networks$xSecurity measures$zUnited States 606 $aAdministrative agencies$xInformation technology$xSecurity measures$zUnited States 606 $aAdministrative agencies$zUnited States$xInformation technology$xManagement 608 $aElectronic books.$2lcsh 610 $aAcquisition 610 $aComputer security 610 $aLife cycle 610 $aProcurement 610 $aRequest for proposal 610 $aRequirement 610 $aSoftware Development Life Cycle (SDLC) 610 $aSpecification 610 $aStatement of work 615 0$aInformation technology$xSecurity measures 615 0$aComputer networks$xSecurity measures 615 0$aComputer security$xStandards 615 0$aInformation technology$xManagement. 615 0$aFederal government$xComputer networks$xSecurity measures 615 0$aAdministrative agencies$xInformation technology$xSecurity measures 615 0$aAdministrative agencies$xInformation technology$xManagement. 676 $a005.8 700 $aGrance$b Timothy$01352387 702 $aHash$b Joan$4aut 702 $aStevens$b Marc$4aut 712 02$aInformation Technology Laboratory (National Institute of Standards and Technology).$bComputer Security Division. 712 02$aNational Institute of Standards and Technology (U.S.) 712 02$aBooks24x7, Inc. 801 0$bCtWfDGI 801 1$bCtWfDGI 906 $aBOOK 912 $a9910698257203321 996 $aSecurity considerations in the information system development life cycle$93174979 997 $aUNINA