SCF - TDA-05 - Developer Architecture & Design
Mechanisms exist to require the developers of systems, system components or services to produce a design specification and security architecture that:
- Is consistent with and supportive of the organization’s security architecture which is established within and is an integrated part of the organization’s enterprise architecture;
- Accurately and completely describes the required security functionality and the allocation of security controls among physical and logical components; and
- Expresses how individual security functions, mechanisms and services work together to provide required security capabilities and a unified approach to protection.
Mapped framework controls
ISO 27002
- A.8.27
- A.8.30
Control questions
Does the organization require the developers of systems, system components or services to produce a design specification and security architecture that:
- Is consistent with and supportive of the organization’s security architecture which is established within and is an integrated part of the organization’s enterprise architecture;
- Accurately and completely describes the required security functionality and the allocation of security controls among physical and logical components; and
- Expresses how individual security functions, mechanisms and services work together to provide required security capabilities and a unified approach to protection?