SA-8 Security and Privacy Engineering Principles
Last Review: 10/1/22
Statement
WTAMU shall apply systems security and privacy engineering concepts and principles to facilitate the development of trustworthy, secure systems, system components, and system services; reduce risk to acceptable levels; and make informed risk management decisions.
Applicability
This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.
Implementation
WTAMU shall apply information system security engineering principles in the specification, design, development, implementation, and modification of information systems. These principles may include:
- Layered protection
- Sound security policy, architecture, and controls as the foundation for design
- Incorporation of security requirements into the SDLC
- Delineating physical and logical security boundaries
- Ensuring developers are trained in secure coding techniques
- Tailoring security controls to meet operational needs
- Performing threat modeling