NIST: Don’t Make Security an Afterthought

The National Institute of Standards and Technology (NIST), the government's standards-making body, announced guidelines for agency technologists and industry engineers on how to bake security into critical systems.

The steps, currently in draft form, are meant to consummate an approach the Office of Management and Budget has been advocating since 2010, under the first-ever federal Chief Information Officer Vivek Kundra. The 11-step process covers defining system requirements in cooperation with employee users, as well as design, testing, and maintenance and operations -- all the way to technology disposal.

"This is the process to do what Vivek talked about," said Ron Ross, a NIST fellow and co-author of the publication. “We've been talking about it forever," he said. "This provides a disciplined and structured process to show how that security actually does get baked into the process.”

