NIST 800-64 Rev2: Detailed Analysis of SDLC Security Considerations

Verified

Added on 2023/01/11

AI Summary

This report provides an overview of NIST Special Publication 800-64 Revision 2, focusing on security considerations within the System Development Life Cycle (SDLC). The report begins by introducing NIST 800-64 Rev2 and its purpose, which is to assist organizations in integrating security into the SDLC. It outlines the importance of security in the SDLC, including enhanced system maintenance and reduced costs. The report then delves into the six phases of SDLC security integration: investigation, analysis, logical design, physical design, implementation, and maintenance and change. Each phase is described in detail, highlighting key activities and considerations. Specifically, the report covers identification of process, outcome, and goals; review of existing security policies; the development of security blueprints; risk analysis; technology selection; and physical security measures. The final section addresses the ongoing monitoring, testing, and updating required to maintain security. This document is designed to help students and professionals understand the critical aspects of securing IT systems during their development and lifecycle management. This report is available on Desklib, a platform that provides students with access to past papers and solved assignments.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

The NIST 800-64 rev2,
Security Considerations in
the System Development
Life Cycle

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1. Overview of
The NIST 800-64
rev2An basic idea of NIST 800-64 rev2

Basic overview
The National Institute of Standards and
Technology (NIST) Special Publication (SP) 800-
64, Security Considerations in the System
Development Life Cycle, is developed so that
it is possible to assist federal government
agencies as it is often complex to integrate
essential information technology (IT) security
steps with the established IT system
development life cycle (SDLC)
3

Meaning of SDLC
System development life cycle (SDLC) is an
integral part of development of any IT system.
it basically consists of various cycles that are
required to complete the development process
of any proposed IT system. basically it consists
of system planning, execution, system
development and system maintenance.
4

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Importance of scurity
in SDLC
▰ provides security to system and information it
process
▰ Provides enhanced system maintenance and also
reduce cost for system management
▰ increase organizational value through effective
and secure data management
5

Phases of SDLC
security integration
There are total six phases involved in securing SDLC and those
are:
▰ Investigation
▰ Analysis
▰ Logical design
▰ Physical design
▰ Implementation
▰ Maintenance and change
6

SDLC security integration
phases
Investigation
▰ Process, outcome and
goal identification
▰ problems analysis
▰ Project scope
identification
▰ constraints
identifucation with
Analysis
▰ review of existing
security policies
▰ Review of legal issues
▰ execution of risk
analysis
logical design
▰ Development of
security blueprint
▰ planning for incident
response
▰ Planning for business
response for disaster
▰ Feasibility review of
outsourcing project7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

SDLC security integration
phases
Physical design
▰ Technology selection to
support security blue
print
▰ Physical security
measure design
▰ Project review and
approval
Implementation
▰ purchase or
development of
security solutions
▰ presentation of tested
package for
management approval
Maintenance and
change
▰ monitoring, testing,
modifying and update
in constant basis for
meeting threats due to
the change process
8