Forum: Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems, Part 1

Moderators: Ron Ross, NIST; Michael McEvilley, MITRE Corporation

Abstract:

This two-part session will bring together two of the primary authors of NIST Special Publication 800-160, Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems, for an open and candid discussion about the development strategy and key technical considerations that will be driving the final publication targeted for completion in 2015. In this session, Ron Ross and Michael McEvilley will discuss:

• the content contained in the initial public draft of SP 800-160,

• systems security engineering goals and objectives

• concepts, principles, and techniques for developing trustworthy systems,

• the IEEE/ISO/IEC 15288 Systems and Software Engineering process and system security engineering extensions

• the importance of assurance in trusted systems development

• the feedback received by NIST during the initial public review and comment period for SP 800-160

• public comment trends and focal points

• insights obtained from reviewing the feedback received

• the expected content for the second public draft of SP 800-160

• specific changes for the main chapters of SP 800-160 including projected updates to the IEEE/ISO/IEC 15288 standard

• anticipated changes for the document appendices and integration of NIST Risk Management Framework concepts.

The session will be highly interactive with an extended Question and Answer segment with attendees having the opportunity to make suggestions directly to the author team.