What is Generally Accepted System Security Principles (GASSP/GSSP)?

Generally Accepted System Security Principles incorporate the consensus, at a particular time, as to the principles, standards, conventions, and mechanisms that information security practitioners should employ, that information processing products should provide, and that information owners should acknowledge to ensure the security of information and information systems.

GASSP relates to physical, technical, and administrative information security and encompasses pervasive, broad functional, and detailed security principles. GASSP nomenclature considers the terms policy, rules, procedures, and practices to relate to the organizational implementation of security. Information technology (IT) changes rapidly, and GASSP are expected to evolve accordingly. Consensus regarding accepted information security principles is achieved first within the GASSP Committee followed by international IT community review.

GAAP versus GASSP?
In the U.S., generally accepted accounting principles, commonly abbreviated as US GAAP or simply GAAP, are accounting rules used to prepare, present, and report financial statements for a wide variety of entities, including publicly-traded and privately-held companies, non-profit organizations, and governments. Generally GAAP includes local applicable Accounting Framework, related accounting law, rules and Accounting Standard.

Download GASSP Documents