Generally Accepted Security Principles
NIST developed these security principles and practices to help the federal government apply them in the use, protection, and design of government information and data systems, particularly front-line systems that deliver services electronically to citizens. The OECD (Organisation for Economic Co-operation and Development) provides a setting where governments compare policy experiences, seek answers to common problems, identify good practice, and coordinate domestic and international policies. The Generally Accepted System Security Principles were based on the OECD Guidelines for the Security of Information Systems. The NIST document (SP 800-14) tabulates eight principles and fourteen practices. Each principle applies to each practice, but the nature of the relationship between them varies: in some cases a practice is derived from one or more principles; in other cases a practice is constrained by principles.
Generally Accepted System Security Principles
1. Computer Security Supports the Mission of the Organization
2. Computer Security is an Integral Element of Sound Management
3. Computer Security Should Be Cost‐Effective
4. Systems Owners Have Security Responsibilities Outside Their Own Organization
5. Computer Security Responsibilities and Accountability Should Be Made Explicit
6. Computer Security Requires a Comprehensive and Integrated Approach
7. Computer Security Should Be Periodically Reassessed
8. Computer Security is Constrained by Societal Factors
Common IT Security Practices
1. Policy
2. Program Management
3. Risk Management
4. Life Cycle Planning
5. Personnel/User Issues
6. Preparing for Contingencies and Disasters
7. Computer Security Incident Handling
8. Awareness and Training
9. Security Considerations in Computer Support and Operations
10. Physical and Environmental Security
11. Identification and Authentication
12. Logical Access Control
13. Audit Trails
14. Cryptography
Here is a link to a forum report in which NIST's generally accepted principles and practices were applied in order to reduce the fraud taking place in the seafood industry. The report explains how the fraud is carried out and how NIST and other agencies have become involved in setting particular standards aimed at eradicating fraud in the fishing industry.
http://ts.nist.gov/WeightsAndMeasures/upload/Seafood‐Forum‐Final.pdf
Reference:
http://csrc.nist.gov/publications/nistpubs/800‐14/800‐14.pdf
Tuesday, September 22, 2009