NIST's Generally Accepted Principles and Practices for Securing Information Technology Systems

To provide a common understanding of what is needed and expected in information technology security programs, NIST developed and published Generally Accepted Principles and Practices for Securing Information Technology Systems (Special Pub 800-14) in September 1996. Its eight principles are listed below.

1. Computer Security Supports the Mission of the Organization

2. Computer Security Is an Integral Element of Sound Management

3. Computer Security Should Be Cost-Effective

4. Systems Owners Have Security Responsibilities Outside Their Own Organizations

5. Computer Security Responsibilities and Accountability Should Be Made Explicit

6. Computer Security Requires a Comprehensive and Integrated Approach

7. Computer Security Should Be Periodically Reassessed

8. Computer Security Is Constrained by Societal Factors

