NIST SP 800-160 document offers revised guidance on engineering trustworthy secure systems
The National Institute of Standards and Technology (NIST) published on Wednesday a major update intended to advance the systems engineering of trustworthy systems for contested operating environments, a discipline generally referred to as systems security engineering. The document also serves as a basis for developing educational and training programs, professional certifications, and other assessment criteria.

Titled ‘Engineering Trustworthy Secure Systems,’ the NIST SP 800-160 Volume 1 Revision 1 document establishes the principles, concepts, activities, and tasks for engineering trustworthy secure systems. These can be applied within systems engineering efforts to foster a common mindset for delivering security in any system, regardless of the system’s purpose, type, scope, size, complexity, or stage in its life cycle.

The NIST SP 800-160 document said that establishing the problem, solution, and trustworthiness contexts as key components of a systems security engineering framework helps ensure that the security of a system is based on achieving a sufficiently complete understanding of the problem as defined by a set of stakeholder security objectives, security concerns, protection needs, and security requirements. The understanding is essential to developing effective security solutions – that is, a system that is sufficiently trustworthy and adequately secure to protect stakeholders’ assets in terms of loss and the associated consequences.

The document also identifies that systems security engineering provides complementary engineering capabilities that extend the concept of trustworthiness to deliver trustworthy secure systems. Trustworthiness is not only about demonstrably meeting a set of requirements, but the requirements must also be complete, consistent, and correct. 

The systems security engineering framework emphasizes an integrated, holistic security perspective across all system life cycle stages and is applied to satisfy the milestone objectives of each life cycle stage. It defines three contexts – the problem context, the solution context, and the trustworthiness context – for conducting activities and tasks. It helps ensure that the engineering is driven by a sufficiently complete understanding of the problem, that this understanding drives the effort to provide the solution, and that the effort is supported by a set of activities to design and realize the solution. It also demonstrates the worthiness of the solution in providing adequate security across competing and often conflicting constraints.

“From a security perspective, a trustworthy system meets a set of well-defined requirements, including security requirements. Through evidence and expert judgment, trustworthy secure systems can limit and prevent the effects of modern adversities,” Ron Ross, project leader for systems security engineering and a fellow at NIST, wrote in the document. “Such adversities come in malicious and non-malicious forms and can emanate from a variety of sources, including physical and electronic. Adversities can include attacks from determined and capable adversaries, human errors of omission and commission, accidents and incidents, component faults and failures, abuses and misuses, and natural and human-made disasters.”

The NIST SP 800-160 document identifies that while the framework appears to follow a sequential execution across the three contexts, it is intended to be implemented in a closed-loop iterative and recursive manner. “This approach facilitates a refinement of the problem statement, the proposed solution, and the trustworthiness objectives as the design evolves from concept to the realized solution,” it added. 

The closed-loop feedback facilitates interactions among the three framework contexts and the requisite system security analyses to continuously identify and address variances that are introduced into the engineering effort. The feedback loop also helps to achieve continuous process improvement for the system, including viewing the outputs of one life cycle phase (i.e., the solution to the phase) as the inputs to the next phase (i.e., the problem for the next phase).

The NIST publication is intended to serve as a reference and educational resource for systems engineers, engineering specialties, architects, designers, and any individuals involved in the development of trustworthy secure systems and system components. It is meant to be flexible in its application to meet the diverse needs of organizations. There is no expectation that all of the technical content in this publication will be used as part of a systems engineering effort. 

The system life cycle processes described in the NIST SP 800-160 document can take advantage of any system or software development methodology. The processes are equally applicable to waterfall, spiral, DevOps, agile, and other approaches. They can be applied recursively, iteratively, concurrently, sequentially, or in parallel and to any system regardless of its size, complexity, purpose, scope, operational environment, or special nature. The full extent of the application of the content in the publication is guided by stakeholder capability needs, protection needs, and concerns with particular attention paid to considerations of cost, schedule, and performance.

The document also provides an overview of systems engineering and the fundamental concepts associated with engineering trustworthy secure systems. It also includes basic concepts that address the structure and types of systems, systems engineering foundations, and the concepts of trust and trustworthiness of systems and system components. 

Additionally, the NIST SP 800-160 document describes foundational system security concepts and an engineering perspective to building trustworthy secure systems. This includes the concepts of security and system security, the nature and character of systems, the concepts of assets and asset loss, reasoning about asset loss, defining protection needs, system security viewpoints, demonstrating system security, and an introduction to systems security engineering. The document also provides a systems security engineering framework that includes a problem context, solution context, and trustworthiness context. 

The NIST SP 800-160 document provides a basis for establishing a discipline for systems security engineering as part of systems engineering in terms of its principles, concepts, activities, and tasks. It also seeks to foster a common mindset to deliver security for any system, regardless of its purpose, type, scope, size, complexity, or stage of the system life cycle. 

Additionally, it works towards demonstrating how selected systems security engineering principles, concepts, activities, and tasks can be effectively applied to systems engineering activities. It also advances the field of systems security engineering as a discipline that can be applied and studied, and serve as a basis for the development of educational and training programs, including individual certifications and other professional assessment criteria.

In June, NIST released the final public draft of the SP 800-160 document, which included noteworthy content and design changes and a renewed emphasis on the importance of systems engineering. It also stressed the need to view systems security engineering as a critical subdiscipline necessary to achieve trustworthy secure systems.