NIST's Generally Accepted Principles and Practices for Securing Information Technology Systems

BankInfoSecurity.com • November 15, 2005

To provide a common understanding of what is needed and expected in information technology security programs, NIST developed and published Generally Accepted Principles and Practices for Securing Information Technology Systems (Special Pub 800-14) in September 1996. Its eight principles are listed below.

See Also: DORA Key Provisions and Best Practices

1. Computer Security Supports the Mission of the Organization

2. Computer Security Is an Integral Element of Sound Management

3. Computer Security Should Be Cost-Effective

4. Systems Owners Have Security Responsibilities Outside Their Own Organizations

5. Computer Security Responsibilities and Accountability Should Be Made Explicit

6. Computer Security Requires a Comprehensive and Integrated Approach

7. Computer Security Should Be Periodically Reassessed

8. Computer Security Is Constrained by Societal Factors

Governance & Risk Management

Previous
Security solutions for e-banking and e-commerce with credit/debit cards, Part 2 :The best solution (in terms of security)

Next
Banks on Security Alert Against Keyloggers

About the Author

BankInfoSecurity.com

BankInfoSecurity.com

You might also be interested in …

OnDemand Webinar | Compliance + Security in the Connected Device Era

OnDemand Webinar | Compliance + Security in the Connected Device Era

SASE for Secure and Scalable Connectivity Everywhere

SASE for Secure and Scalable Connectivity Everywhere

2024 Strategic Roadmap for SASE Convergence

Secure IT Admin Access Across All Infrastructure

Secure IT Admin Access Across All Infrastructure

Securing Privileged Access in Transformative Times

Securing Privileged Access in Transformative Times

eBook: Secure Remote Access Simplified

eBook: Secure Remote Access Simplified

Maximize Risk Reduction with an Identity Security Approach

Maximize Risk Reduction with an Identity Security Approach

Shifting Gears To Quantify Risk with Netflix’s Tony Martin-Vegue

Shifting Gears To Quantify Risk with Netflix’s Tony Martin-Vegue

OnDemand: 6 Categories of Modern Threat Landscape | Empowering Business Continuity for Cyber Resilience

OnDemand: 6 Categories of Modern Threat Landscape | Empowering Business Continuity for Cyber Resilience

Around the Network

Transforming a Cyber Program in the Aftermath of an Attack

Transforming a Cyber Program in the Aftermath of an Attack

Evolving Threats Facing Robotic and Other Medical Gear

Evolving Threats Facing Robotic and Other Medical Gear

How 'Security by Default' Boosts Health Sector Cybersecurity

How 'Security by Default' Boosts Health Sector Cybersecurity

Identity Security and How to Reduce Risk During M&A

Identity Security and How to Reduce Risk During M&A

Safeguarding Critical OT and IoT Gear Used in Healthcare

Safeguarding Critical OT and IoT Gear Used in Healthcare

Protecting Medical Devices Against Future Cyberthreats

Protecting Medical Devices Against Future Cyberthreats

How the NIST CSF 2.0 Can Help Healthcare Sector Firms

How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Medical Device Cyberthreat Modeling: Top Considerations

Medical Device Cyberthreat Modeling: Top Considerations

Properly Vetting AI Before It's Deployed in Healthcare

Properly Vetting AI Before It's Deployed in Healthcare

Is It Generative AI's Fault, or Do We Blame Human Beings?

Is It Generative AI's Fault, or Do We Blame Human Beings?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.