The Architecture Assessment (AA) practice has two aims: validating the effectiveness of security mechanisms within application and infrastructure architectures, and verifying that the architecture is aligned with security requirements and best practices and addresses known compliance requirements.
In its more advanced form, the practice formalizes the security architecture review process, continuously evaluates the effectiveness of the architecture’s security controls, and verifies their strategic alignment. Possible improvements are identified and fed back to the Security Architecture practice.
| Maturity level | | Stream A: Architecture Validation | Stream B: Architecture Compliance |
|---|---|---|---|
| 1 | Review the architecture to ensure baseline mitigations are in place for known risks. | Identify application and infrastructure architecture components | Ad-hoc review of the architecture against compliance requirements |
| 2 | Review the complete provision of security mechanisms in the architecture. | Validate the architecture security mechanisms | Analyze the architecture against known security requirements and best practices |
| 3 | Review the architecture effectiveness and feed results back to improve the security architecture. | Review of the architecture components' effectiveness | Feed the architecture review results back into the enterprise architecture, organisation design principles & patterns, security solutions and reference architectures. |