The Secure Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
Overview
| Maturity 1 | Maturity 2 | Maturity 3 |
|---|
| Objective | Insert consideration of proactive security guidance into the software design process. | Direct the software design process toward known secure services and secure-by-default designs. | Formally control the software design process and validate utilization of secure components. |
Streams
| Maturity 1 | Maturity 2 | Maturity 3 |
|---|
| Teams are trained on the use of basic security principles during design. | Establish common design patterns and security solutions for adoption. | Reference architectures are utilized and continuously evaluated for adoption and appropriateness. |
| Maturity 1 | Maturity 2 | Maturity 3 |
|---|
| Elicit technologies, frameworks and integrations within the overall solution to identify risk. | Standardize technologies and frameworks to be used throughout the different applications. | Impose the use of standard technologies on all software development. |
