With 205 Controls, 423 enhancements and 1,394 definitions, it's overwhelming! Lucky for you, ISL's Cyber Security Professionals are here to help.

Contact us so we can discuss what Cyber Security controls mean to your organization.

SA-8 : SECURITY ENGINEERING PRINCIPLES

FAMILY: System and Services Acquisition
CLASS: Management


The organization applies information system security engineering principles in the specification, design, development, implementation, and modification of the information system. The application of security engineering principles is primarily targeted at new development information systems or systems undergoing major upgrades and is integrated into the system development life cycle. For legacy information systems, the organization applies security engineering principles to system upgrades and modifications to the extent feasible, given the current state of the hardware, software, and firmware within the system.

Examples of security engineering principles include:
(i) developing layered protections;
(ii) establishing sound security policy, architecture, and controls as the foundation for design;
(iii) incorporating security into the system development life cycle;
(iv) delineating physical and logical security boundaries;
(v) ensuring system developers and integrators are trained on how to develop secure software;
(vi) tailoring security controls to meet organizational and operational needs; and
(vii) reducing risk to acceptable levels, thus enabling informed risk management decisions.

Control Enhancements: None.
References: NIST Special Publication 800-27 (Engineering Principles for Information Technology Security).
Priority and Baseline Allocation:
Priority: P1
LOW: Not Selected
MOD: SA-8
HIGH: SA-8