The IT Law Wiki


National Institute of Standards and Technology, Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A (NIST Special Publication 800-27 Rev A) (June 2004) (full-text).


The purpose of the Engineering Principles for Information Technology Security (EP-ITS) is to present a list of system-level security principles to be considered in the design, development, and operation of an information system. Ideally, the principles presented in this publication would be used from the onset of a program — at the beginning of, or during the initiation phase — and then employed throughout the system's life cycle. However, these principles are also helpful in affirming and confirming the security posture of already deployed information systems. The principles are short and concise and can be used by organizations to develop their system life cycle policies.