The Security Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
|Maturity level||Stream AArchitecture Design||Stream BTechnology Management|
|1||Insert consideration of proactive security guidance into the software design process.||Teams are trained on the use of basic security principles during design||Elicit technologies, frameworks and integrations within the overall solution to identify risk.|
|2||Direct the software design process toward known secure services and secure-by-default designs.||Establish common design patterns and security solutions for adoption.||Standardize technologies and frameworks to be used throughout the different applications|
|3||Formally control the software design process and validate utilization of secure components.||Reference architectures are utilized and continuously evaluated for adoption and appropriateness.||Impose the use of standard technologies on all software development.|