CS5 Engineering Trust Roundtable

Dr. Jeff Baldwin, CEO of Space Coast Cyber and CMMC Lead CCA and Provisional Instructor facilitated the Engineering Trust table at the 2025 CS5 East Conference in National Harbor, MD.

Resources:

• Information Assurance Technical Framework IATF 3.1 (NSA, 2002)

• NIST SP 800-64 R2: Security Considerations in the System Development Life Cycle (2008)

• NIST SP 800-160 Volume 1 Rev 1: Engineering Trustworthy Secure Systems (2022)

• NIST SP 800-160 Volume 2 Rev 1: Developing Cyber-Resilient Systems:

• A Systems Security Engineering Approach (2021)

• Systems Engineering Guidebook (DoD, 2022)

Roundtable Discussion Points:

• System Concepts

  • Information Systems are made up of system components, system elements, or subsystems.

  • Requirements apply to Information Systems and are tailored for system components.

• System Development Lifecycle

  • Initiation -> Development / Acquisition -> Implementation / Assessment -> Operations & Maintenance -> Disposal

  • The real shift left is incorporating security requirements at system conception before anything is built. Security is not bolted on at the end.

• DoD Acquisition / Systems Engineering

  • Technical Reviews: SRR, SFR, PDR, CDR, TRR, SVR/FCA, PRR, OTRR, PCA

  • https://www.dau.edu/tools/dau-systems-engineering-brainbook/technical-reviews-and-audits

• Systems Security Engineering Concepts

  • NSA developed IATF and originally designed ISC2’s ISSEP certification

  • IATF Appendix J: ISSE Relationship to Sample SE Processes

  • NIST SP 800-160 Volume 1 is the successor of IATF and NIST SP 800-64

  • NIST SSE Project: https://csrc.nist.gov/Projects/Systems-Security-Engineering-Project

Download the Handout from the Event: