UnixTime

Research Note

A.8.27 Audit Checklist

Use this checklist during an internal audit of secure architecture and engineering principles.

On this page

When to use this

Use this checklist during an internal audit of secure architecture and engineering principles.

Audit checklist

  • Review secure architecture principles.
  • Check principles are tailored and maintained.
  • Sample architecture review records.
  • Check threat model or design risk evidence.
  • Review deviations and approvals.
  • Check contractor/supplier communication.
  • Interview architecture/security engineering role holders.

Findings table

Architecture area Expected evidence Observed evidence Gap Finding type Action owner
TBD TBD TBD TBD NC / observation / conforming TBD