tailieunhanh - Security Considerations in the System Development Life Cycle

To borrow a leaf from the Malawi Centre for Distance and Continuing Education, here are some areas they identified as having potential for both macro and micro projects in a DE set up. At their planning meeting (June 2006), they classified these areas into three categories, namely, projects to do with DE management and administration, programmes development, and learner support. Space has been left for you to add any areas you think forms part of each category, but has not been mentioned. . | NIST Special Publication 800-64 Revision 2 National Institute of Standards and Technology . Department of Commerce Security Considerations in the System Development Life Cycle Richard Kissel Kevin Stine Matthew Scholl Hart Rossman Jim Fahlsing Jessica Gulick I N F O R M A T I O N S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg MD 20899-8930 October 2008 . Department of Commerce Carlos M. Gutierrez Secretary National Institute of Standards and Technology Patrick D. Gallagher Deputy Director Reports on Computer Systems Technology The Information Technology Laboratory ITL at the National Institute of Standards and Technology NIST promotes the . economy and public welfare by providing technical leadership for the Nation s measurement and standards infrastructure. ITL develops tests test methods reference data proof of concept implementations and technical analyses to advance the development and productive use of information technology. ITL s responsibilities include the development of management administrative technical and physical standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in federal computer systems. This Special Publication 800-series reports on ITL s research guidelines and outreach efforts in information security and its collaborative activities with industry government and academic organizations. i Authority This document has been developed by the National Institute of Standards and Technology NIST in furtherance of its statutory responsibilities under the Federal Information Security Management Act FISMA of 2002 Public Law 107-347. NIST is responsible for developing standards and guidelines including minimum requirements for providing adequate information security for all agency operations and assets but such standards and guidelines shall not apply to national security systems. This guideline is .