Security Considerations in the System Development Life Cycle


This guide details the steps to integrate information security into the software development lifecycle (SDLC) and related IT projects and initiatives.


To be most effective, information security must be integrated into the SDLC from system inception. Early integration of security in the SDLC enables agencies to maximize return on investment in their security programs, through:

  • Early identification and mitigation of security vulnerabilities and misconfigurations, resulting in lower cost of security control implementation and vulnerability mitigation;
  • Awareness of potential engineering challenges caused by mandatory security controls;
  • Identification of shared security services and reuse of security strategies and tools to reduce development cost and schedule while improving security posture through proven methods and techniques; and
  • Facilitation of informed executive decision making through comprehensive risk management in a timely manner.

This guide focuses on the information security components of the SDLC. First, descriptions of the key security roles and responsibilities that are needed in most information system developments are provided. Second, sufficient information about the SDLC is provided to allow a person who is unfamiliar with the SDLC process to understand the relationship between information security and the SDLC.
This document integrates the security steps into the linear, sequential (a.k.a. waterfall) SDLC. The five-step SDLC cited in this document is an example of one method of development and is not intended to mandate this methodology.




This Security Considerations in the System Development Life Cycle has been accessed 15 times.
Must Login To Download


Signup for Thought Leader

Get the latest IT management thought leadership delivered to your mailbox.

Mailchimp Signup (Short)

Join The Largest Global Network of CIOs!

Over 75,000 of your peers have begun their journey to CIO 3.0 Are you ready to start yours?
Mailchimp Signup (Short)