NIST's Generally Accepted Principles and Practices for Securing Information Technology Systems
To provide a common understanding of what is needed and expected in information technology security programs, NIST developed and published Generally Accepted Principles and Practices for Securing Information Technology Systems (Special Publication 800-14) in September 1996. The document sets out eight principles, listed below, together with the practices NIST considered necessary to apply them.
1. Computer Security Supports the Mission of the Organization
2. Computer Security Is an Integral Element of Sound Management
3. Computer Security Should Be Cost-Effective
4. Systems Owners Have Security Responsibilities Outside Their Own Organizations
5. Computer Security Responsibilities and Accountability Should Be Made Explicit
6. Computer Security Requires a Comprehensive and Integrated Approach
7. Computer Security Should Be Periodically Reassessed
8. Computer Security Is Constrained by Societal Factors