NIST's Generally Accepted Principles and Practices for Securing Information Technology Systems

To provide a common understanding of what is needed and expected in information technology security programs, NIST developed and published Generally Accepted Principles and Practices for Securing Information Technology Systems (Special Pub 800-14) in September 1996. Its eight principles are listed below.

1. Computer Security Supports the Mission of the Organization

2. Computer Security Is an Integral Element of Sound Management

3. Computer Security Should Be Cost-Effective

4. Systems Owners Have Security Responsibilities Outside Their Own Organizations

5. Computer Security Responsibilities and Accountability Should Be Made Explicit

6. Computer Security Requires a Comprehensive and Integrated Approach

7. Computer Security Should Be Periodically Reassessed

8. Computer Security Is Constrained by Societal Factors
