Architecture Validation

Model | Verification | Architecture Assessment | Architecture Validation

Benefit

Understanding of high-level architecture and sensible security measures

Activity

Create a view of the overall architecture and examine it for the correct provision of general security mechanisms such as authentication, authorization, user and rights management, secure communication, data protection, key management and log management. Also consider the support for privacy. Do this based on project artifacts such as architecture or design documents, or interviews with business owners and technical staff. Also consider the infrastructure components - these are all the systems, components and libraries (including SDKs) that are not specific to the application, but provide direct support to use or manage the application(s) in the organisation.

Note any security-related functionality in the architecture and review its correct provision. Do this in an ad-hoc manner, from the point of view of anonymous users, authorized users, and specific application roles.

Question

Do you review the application architecture for key security objectives on an ad-hoc basis?

Quality criteria

You have an agreed upon model of the overall software architecture
You include components, interfaces, and integrations in the architecture model
You verify the correct provision of general security mechanisms
You log missing security controls as defects

Answers

No
Yes, for some applications
Yes, for at least half of the applications
Yes, for most or all of the applications

Benefit

Consistent architecture review process across your organization

Activity

Verify that the solution architecture addresses all identified security and compliance requirements. For each interface in the application, iterate through the list of security and compliance requirements and analyze the architecture for their provision. Also perform an interaction or data flow analysis to ensure that the requirements are adequately addressed over different components. Elaborate the analysis to show the design-level features that address each requirement.

Perform this type of analysis on both internal interfaces, e.g. between tiers, as well as external ones, e.g. those comprising the attack surface. Also identify and validate important design decisions made as part of the architecture, in particular when they deviate from the available shared security solutions in the organization. Finally, update the findings based on changes made during the development cycle, and note any requirements that are not clearly provided at the design level as assessment findings.

Question

Do you regularly review the security mechanisms of your architecture?

Quality criteria

You review compliance with internal and external requirements
You systematically review each interface in the system
You use a formalized review method and structured validation
You log missing security mechanisms as defects

Answers

No
Yes, for some applications
Yes, for at least half of the applications
Yes, for most or all of the applications

Benefit

Assurance of effectiveness of architecture controls

Activity

Review the effectiveness of the architecture components and their provided security mechanisms in terms of alignment with the overall strategy of the organization, and scrutinize the degree of availability, scalability and enterprise-readiness of the chosen security solutions. While tactical choices for a particular application can make sense in specific contexts, it is important to keep an eye on the bigger picture and ensure future readiness of the designed solution.

Feed any findings back into defect management to trigger further improvements to the architecture.

Question

Do you regularly review the effectiveness of the security controls?

Quality criteria

You evaluate the preventive, detective, and response capabilities of security controls
You evaluate the strategy alignment, appropriate support, and scalability of security controls
You evaluate the effectiveness at least yearly
You log identified shortcomings as defects

Answers

No
Yes, for some applications
Yes, for at least half of the applications
Yes, for most or all of the applications

Stream Guidance

  • SAMM team guidance Google Doc

  • Be the first to add to the Community guidance for this Stream!

Want to contribute?

Complete this Google Form with guidance for this Stream.



To learn more about Stream guidance for the SAMM model, see the Stream guidance page.