U.S. Department of Health and Human Services
One of the most important tenets of an information security program is the integration of security into the EPLC. Doing so is a requirement of both the FISMA and the Office of Management and Budget (OMB) Circular A-130, Appendix III, to lower the overall cost of security and to enable the three security objectives to be obtained. The picture below maps security activities to the EPLC, as prescribed by NIST SP 800-64, Security Consideration in the Information System Development Life Cycle. This lifecycle mirrors the HHS EPLC.
Page 6 of 6
Information Security Program Management Information Security and the EPLC