SA-08 Security Engineering Principles
System and Services Acquisition
Description
The organization designs and implements the information system using security engineering principles.
Supplemental Guidance
NIST Special Publication 800-27 provides guidance on engineering principles for information system security. The application of security engineering principles is primarily targeted at new development information systems or systems undergoing major upgrades and is integrated into the system development life cycle. For legacy information systems, the organization applies security engineering principles to system upgrades and modifications, to the extent feasible, given the current state of the hardware, software, and firmware components within the system.
Changes from Rev 4
Title changed from 'Security Engineering Principles'. Control text adds privacy and system components. New parameter requires specifying applicable systems security and privacy engineering principles. Discussion expanded to explain benefits. Incorporates withdrawn control SA-13.
Enhancements
(0) None.