Process that captures and refines information security requirements and ensures that their integration into information technology component products and information systems through purposeful security design or configuration.

Source: NIST SP 800-137 | Category: