When to use this
Use this standard to document the secure engineering principles that system development activities must apply.
Related controls
- A.8.27 Secure System Architecture and Engineering Principles
- A.8.26 Application Security Requirements
- A.8.20 Networks Security
Principles
| Principle | Practical rule | Evidence expected |
|---|---|---|
| Least privilege | TBD | TBD |
| Secure by default | TBD | TBD |
| Defense in depth | TBD | TBD |
| Minimize attack surface | TBD | TBD |
| Fail securely | TBD | TBD |
| Segregate trust zones | TBD | TBD |
| Protect secrets | TBD | TBD |
| Log security events | TBD | TBD |
Minimum checks
- Principles are tailored to the organization.
- Principles are usable in design reviews.
- Principles are communicated to relevant teams.
- Principles are reviewed periodically.
- Template
- Iso27001
- Technological controls
- Secure architecture
Note Metadata
Aliases: Security Engineering Principles Standard
Source: 90 Templates/Secure Architecture Principles Standard.md
Related Notes
- A.8.27 Audit Evidence Pack
- ISO 27001 A.8.20 - Networks Security
- ISO 27001 A.8.26 - Application Security Requirements
- ISO 27001 A.8.27 - Secure System Architecture and Engineering Principles
- A.8 Technological Controls MOC
- A.8 Technological Controls Implementation Guide
- A.8 Technological Controls Audit Guide
- A.8 Technological Controls Implementation Audit Risk Mapping
- ISO 27002 Annex A Control Interpretation Map
- A.8.27 Audit Checklist
- Security Architecture Review Record
- Security Engineering Deviation Record
- Templates MOC