NIST's Generally Accepted Principles and Practices for Securing Information Technology Systems

BankInfoSecurity.com • November 15, 2005

To provide a common understanding of what is needed and expected in information technology security programs, NIST developed and published Generally Accepted Principles and Practices for Securing Information Technology Systems (Special Pub 800-14) in September 1996. Its eight principles are listed below.

See Also: Live Webinar | CybeRx - How to Automatically Protect Rockwell OT Customers from Today’s Cyber-Attacks

1. Computer Security Supports the Mission of the Organization

2. Computer Security Is an Integral Element of Sound Management

3. Computer Security Should Be Cost-Effective

4. Systems Owners Have Security Responsibilities Outside Their Own Organizations

5. Computer Security Responsibilities and Accountability Should Be Made Explicit

6. Computer Security Requires a Comprehensive and Integrated Approach

7. Computer Security Should Be Periodically Reassessed

8. Computer Security Is Constrained by Societal Factors

Governance & Risk Management

Previous
Security solutions for e-banking and e-commerce with credit/debit cards, Part 2 :The best solution (in terms of security)

Next
Financial Institutions on Security Alert Against Keyloggers

About the Author

BankInfoSecurity.com

BankInfoSecurity.com

You might also be interested in …

Bolstering Australia’s Security Posture with Accelerated ZTNA

Bolstering Australia’s Security Posture with Accelerated ZTNA

Webinar | The Cost of Convenience: Exploring the Risks of Password Reuse

Webinar | The Cost of Convenience: Exploring the Risks of Password Reuse

How Okta and AWS Customers Integrate with their Tech Stack of Choice

How Okta and AWS Customers Integrate with their Tech Stack of Choice

Enhancing OT Cyber Resilience: Lessons Learned from Industrial Environments

Enhancing OT Cyber Resilience: Lessons Learned from Industrial Environments

The C-Suite Guide to New SEC Cybersecurity Disclosure Rules

The C-Suite Guide to New SEC Cybersecurity Disclosure Rules

The Criticality of Security Asset Inventory: Moving Beyond IT Asset Management

The Criticality of Security Asset Inventory: Moving Beyond IT Asset Management

Managing the unmanageable: How Shadow IT exists across every team – and how to wrangle it

OnDemand | Navigating the SEC Rules for Enhanced Cybersecurity in IT and OT Environments

OnDemand | Navigating the SEC Rules for Enhanced Cybersecurity in IT and OT Environments

SASE for Secure and Scalable Connectivity Everywhere

SASE for Secure and Scalable Connectivity Everywhere

Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity

How 'Security by Default' Boosts Health Sector Cybersecurity

Identity Security and How to Reduce Risk During M&A

Identity Security and How to Reduce Risk During M&A

Is It Generative AI's Fault, or Do We Blame Human Beings?

Is It Generative AI's Fault, or Do We Blame Human Beings?

Medical Device Cyberthreat Modeling: Top Considerations

Medical Device Cyberthreat Modeling: Top Considerations

Safeguarding Critical OT and IoT Gear Used in Healthcare

Safeguarding Critical OT and IoT Gear Used in Healthcare

Transforming a Cyber Program in the Aftermath of an Attack

Transforming a Cyber Program in the Aftermath of an Attack

Protecting Medical Devices Against Future Cyberthreats

Protecting Medical Devices Against Future Cyberthreats

How the NIST CSF 2.0 Can Help Healthcare Sector Firms

How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Why Health Firms Struggle with Cybersecurity Frameworks

Why Health Firms Struggle with Cybersecurity Frameworks

Evolving Threats Facing Robotic and Other Medical Gear

Evolving Threats Facing Robotic and Other Medical Gear

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.