Saturday, September 19, 2009

NIST 800-14 Generally Accepted System Security Principles (GASSP)

In the early 1990s, the National Performance Review, pursuant to and as part of the National Information Infrastructure, requested that NIST (National Institute of Standards and Technology) develop a set of generally accepted system security principles and practices for the United States government. These principles and practices were created primarily with the government's information and data systems in mind. In 1991, the rules and procedures were outlined in the National Research Council document titled Computers At Risk. By 1992, several national and international entities started implementing the recommendations of that document. NIST 800-14 GASSP is based primarily on the OECD's Guidelines for the Security of Information Systems, created by a team of international experts in 1992. NIST built on and added to the OECD Guidelines to provide a more refined and detailed set of Generally Accepted System Security Principles. The table below illustrates the principles and practices described in NIST Special Publication 800-14.


References: http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf