  ITU-T A.5 justification information for referenced document NIST SP 800-160v1 (2018) in draft X.1470
1. Clear description of the referenced document:
Name: NIST SP 800-160v1 (2018)
Title: Systems security engineering - Considerations for a multidisciplinary approach in the engineering of trustworthy secure systems.
2. Status of approval:
Approved
3. Justification for the specific reference:
The referenced document is the text on which draft Recommendation X.sgos is based.
4. Current information, if any, about IPR issues:
None
5. Other useful information describing the "Quality" of the document:
NIST SP 800-160 v1 was published by NIST in 2018.
6. The degree of stability or maturity of the document:
NIST SP 800-160 v1 was published by NIST in 2018.
7. Relationship with other existing or emerging documents:
NIST SP 800-160 v1 was published by NIST in 2018.
8. Any explicit references within that referenced document should also be listed:
ANSI/EIA 649B, Configuration Management Standard.
FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems.
FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems.
IEEE 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology.
IEEE 828-2012, IEEE Standard for Configuration Management in Systems and Software Engineering.
IEEE 1471:2000, IEEE Recommended Practice for Architectural Description of Software-Intensive Systems.
ISO Guide 73:2009, Risk management – Vocabulary.
ISO 9000:2015, Quality management systems – Fundamentals and vocabulary.
ISO 9001:2015, Quality management systems – Requirements.
ISO 9241-210:2010, Ergonomics of human-system interaction — Part 210: Human-centered design for interactive systems.
ISO 10007:2003, Quality management systems – Guidelines for configuration management.
ISO/TS 18152:2010, Ergonomics of human-system interaction — Specification for the process assessment of human-system issues.
ISO 31000:2009, Risk management – Principles and guidelines.
ISO/IEC/IEEE 12207:2008, Systems and software engineering – Software life cycle processes, February 2008.
ISO/IEC 15026-1:2013, Systems and software engineering -- Systems and software assurance -- Part 1: Concepts and vocabulary.
ISO/IEC 15026-2:2011, Systems and software engineering -- Systems and software assurance -- Part 2: Assurance case.
ISO/IEC 15026-3:2015, Systems and software engineering -- Systems and software assurance -- Part 3: System integrity levels.
ISO/IEC 15026-4:2012, Systems and software engineering -- Systems and software assurance -- Part 4: Assurance in the life cycle.
ISO/IEC/IEEE 15288:2015, Systems and software engineering — Systems life cycle processes.
ISO/IEC 16085:2006, Systems and software engineering — Life cycle processes — Risk management.
ISO/IEC/IEEE 16326:2009, Systems and software engineering — Life cycle processes — Project management.
ISO/IEC 15408-1:2009, Information technology — Security techniques — Evaluation criteria for IT security — Part 1: Introduction and general model.
ISO/IEC 15408-2:2008, Information technology — Security techniques — Evaluation criteria for IT security — Part 2: Security functional requirements.
ISO/IEC 15408-3:2008, Information technology — Security techniques — Evaluation criteria for IT security — Part 3: Security assurance requirements.
ISO/IEC 15939:2007, Systems and software engineering – Measurement process, August 2007.
ISO/IEC 21827:2008, Information technology — Security techniques — Systems Security Engineering — Capability Maturity Model® (SSE-CMM®).
ISO/IEC 25010:2011, Systems and software engineering – Systems and software Quality Requirements and Evaluation (SQuaRE) – System and software quality models.
ISO/IEC 25030:2007, Software Engineering — Software product Quality Requirements and Evaluation (SQuaRE) — Quality Requirements.
ISO/IEC TR 25060:2010, Systems and software engineering — Systems and software product Quality Requirements and Evaluation (SQuaRE) — Common Industry Format (CIF) for usability: General framework for usability-related information.
ISO/IEC 25063:2014, Systems and software engineering – Systems and software product Quality Requirements and Evaluation (SQuaRE) – Common Industry Format (CIF) for usability: Context of use description.
ISO/IEC TR 24748-1:2010, Systems and software engineering — Life cycle management — Part 1: Guide for life cycle management.
ISO/IEC/IEEE 24765:2010, Systems and software engineering — Vocabulary.
ISO/IEC 27001:2013, Information technology -- Security techniques -- Information security management systems -- Requirements.
ISO/IEC 27002:2013, Information technology -- Security techniques -- Code of practice for information security controls.
ISO/IEC 27034-1:2011, Information technology — Security techniques — Application security — Part 1: Overview and concepts.
ISO/IEC 27036-1:2014, Information technology — Security techniques — Information security for supplier relationships — Part 1: Overview and concepts.
ISO/IEC 27036-2:2014, Information technology — Security techniques — Information security for supplier relationships — Part 2: Requirements.
ISO/IEC 27036-3:2013, Information technology — Security techniques — Information security for supplier relationships — Part 3: Guidelines for information and communication technology supply chain security.
ISO/IEC 29119-1:2013, Software Testing: Concepts and Definitions.
ISO/IEC 29119-2:2013, Software Testing: Test Processes.
ISO/IEC 29119-3:2013, Software Testing: Test Documentation.
ISO/IEC 29119-4:2014, Software Testing: Test Techniques.
ISO/IEC/IEEE 29148:2011, Systems and software engineering — Life cycle processes – Requirements engineering, December 2011.
ISO/IEC/IEEE 42010, Systems and Software Engineering — Architecture description.
NIST SP800-30 Revision 1, Guide for Conducting Risk Assessments.
NIST SP800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach.
NIST SP800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.
NIST SP800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans.
NIST SP800-137, Information Security Continuous Monitoring for Federal Information Systems and Organizations.
NIST SP800-181, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.
9. Qualification of NIST:
NIST is recognized under the provisions of ITU-T Recommendation A.5. Qualifying information is on file in TSB.
10. Other (for any supplementary information):
None.
Note: This form is based on Recommendation ITU-T A.5