NIST SP 800-160 VOl. 1

Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems

 

Abstract

With the continuing frequency, intensity, and adverse consequences of cyber-attacks, disruptions, hazards, and other threats to federal, state, and local governments, the military, businesses, and the critical infrastructure, the need for trustworthy secure systems has never been more important to the long-term economic and national security interests of the United States. Engineering-based solutions are essential to managing the growing complexity, dynamicity, and interconnectedness of today’s systems, as exemplified by cyber-physical systems and systems-of-systems, including the Internet of Things. This publication addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems, inclusive of the machine, physical, and human components that compose the systems and the capabilities and services delivered by those systems. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronics Engineers (IEEE) and infuses systems security engineering methods, practices, and techniques into those systems and software engineering activities. The objective is to address security issues from a stakeholder protection needs, concerns, and requirements perspective and to use established engineering processes to ensure that such needs, concerns, and requirements are addressed with appropriate fidelity and rigor, early and in a sustainable manner throughout the life cycle of the system.

 

연방정부, 주정부 및 지방정부, 군, 기업 및 주요 인프라에 대한 사이버 공격, 중단, 위험 및 기타 위협의 빈도, 강도 및 부작용이 지속적으로 발생함에 따라 신뢰할 수 있는 보안 시스템의 필요성이 미국의 장기적인 경제 및 국가 안보 이익에 이보다 더 중요한 적은 없었다. 엔지니어링 기반 솔루션은 오늘날 시스템의 복잡성, 동적성 및 상호 연결을 관리하는 데 필수적이며, 이는 사이버 물리 시스템 및 사물 인터넷을 포함한 시스템 오브 시스템에서 예시된다. 이 간행물은 시스템을 구성하는 기계, 물리적 및 인적 구성 요소와 해당 시스템이 제공하는 능력 및 서비스를 포함하여 보다 방어 가능하고 생존 가능한 시스템을 개발하는 데 필요한 엔지니어링 중심 관점과 조치를 다룬다. 이는 국제표준화기구(ISO), 국제전기기술위원회(IEC) 및 전기전자공학연구소(IEEE)가 발표한 시스템 및 소프트웨어 엔지니어링에 대한 잘 정립된 국제 표준 세트로 시작하고 이를 기반으로 시스템 보안 엔지니어링 방법, 관행 및 기법을 시스템 및 소프트웨어 엔지니어링 활동에 적용한다. 목표는 이해관계자 보호 요구, 우려 및 요구 사항의 관점에서 보안 문제를 해결하고 그러한 요구 사항, 우려 및 요구 사항이 시스템의 수명 주기 전반에 걸쳐 적절한 충실도와 엄격함으로 조기에 지속 가능한 방식으로 해결되도록 확립된 엔지니어링 프로세스를 사용하는 것이다.