This chapter discusses secure system design principles, security models, the common criteria, and security capabilities of information systems. Open systems are generally far easier to integrate with other open systems. It is easy, for example, to create a local area network with a Microsoft Windows Server machine, a Linux machine, and a Macintosh machine. Zero Trust has led to a significant security focus on endpoint devices, the locations where users interact with company resources. When security systems are designed, it is often helpful to derive security mechanisms from standard security models. Some of the security models that should be recognized include the trusted computing base, state machine model, information flow model, noninterference model, take‐grant model, access control matrix, Bell‐LaPadula model, Biba model, Clark‐Wilson model, Brewer and Nash model, Goguen‐Meseguer model, Sutherland model, Graham‐Denning model, and Harrison‐Ruzzo‐Ullman model.