
PW.1.3

>Control Description

Where appropriate, build in support for using standardized security features and services (e.g., enabling software to integrate with existing log management, identity management, access control, and vulnerability management systems) instead of creating proprietary implementations of security features and services. [Formerly PW.4.3]

>Practice: PW.1

Design Software to Meet Security Requirements and Mitigate Security Risks

Identify and evaluate the security requirements for the software; determine what security risks the software is likely to face during operation and how the software’s design and architecture should mitigate those risks; and justify any cases where risk-based analysis indicates that security requirements should be relaxed or waived. Addressing security requirements and risks during software design (secure by design) is key for improving software security and also helps improve development efficiency.

>Notional Implementation Examples

  1. Maintain one or more software repositories of modules for supporting standardized security features and services.
  2. Determine secure configurations for modules for supporting standardized security features and services, and make these configurations available (e.g., as configuration-as-code) so developers can readily use them.
  3. Define criteria for which security features and services must be supported by software to be developed.
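As an added illustration of examples 1 and 2 (this code is not part of the SSDF text), the following Python shows the control applied to logging: security events go through the standard library's logging facility with a structured JSON formatter that an existing log-management system can ingest, rather than a proprietary log format, and the logging setup is one shared dict (configuration-as-code) that every component loads. The logger name `app.security`, the context field names and the sample events are assumptions of this example.

```python
import json
import logging
import logging.config
from datetime import datetime, timezone


class JsonFormatter(logging.Formatter):
    """Render each record as one JSON object with fields log pipelines commonly index."""

    # Context fields applications attach via ``extra=``; the names are this example's choice.
    CONTEXT_FIELDS = ("event", "user", "outcome", "source_ip")

    def format(self, record):
        payload = {
            "timestamp": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            "level": record.levelname,
            "logger": record.name,
            "message": record.getMessage(),
        }
        for key in self.CONTEXT_FIELDS:
            if hasattr(record, key):
                payload[key] = getattr(record, key)
        return json.dumps(payload, sort_keys=True)


# Logging setup as configuration-as-code (implementation example 2): a single
# reusable dict that services load, instead of handler code re-written per project.
LOGGING_CONFIG = {
    "version": 1,
    "disable_existing_loggers": False,
    "formatters": {"json": {"()": JsonFormatter}},
    "handlers": {
        "stdout": {
            "class": "logging.StreamHandler",
            "formatter": "json",
            "stream": "ext://sys.stdout",
        }
    },
    "loggers": {
        "app.security": {"handlers": ["stdout"], "level": "INFO", "propagate": False}
    },
}


def configure_logging():
    """Apply the shared configuration and return the security-event logger."""
    logging.config.dictConfig(LOGGING_CONFIG)
    return logging.getLogger("app.security")


def format_auth_event(user, outcome, source_ip):
    """Build an authentication-event record and return the JSON line that would be
    shipped to the log-management system (returned rather than emitted so it can be checked)."""
    logger = logging.getLogger("app.security")
    record = logger.makeRecord(
        logger.name, logging.INFO, __file__, 0, "authentication attempt", (), None,
        extra={"event": "login", "user": user, "outcome": outcome, "source_ip": source_ip},
    )
    return JsonFormatter().format(record)


if __name__ == "__main__":
    security_log = configure_logging()
    # Constructed sample events; 203.0.113.0/24 is a documentation address range.
    security_log.info("authentication attempt",
                      extra={"event": "login", "user": "alice", "outcome": "success",
                             "source_ip": "203.0.113.5"})
    security_log.warning("authentication attempt",
                         extra={"event": "login", "user": "alice", "outcome": "failure",
                                "source_ip": "203.0.113.5"})
```

Because the records are plain JSON with stable field names, the same output can be pointed at whichever collector the organization already runs by swapping only the handler entry in `LOGGING_CONFIG` (for example to a `logging.handlers.SysLogHandler`), with no change to the application code that emits events.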

>Cross-Framework References

Mappings to related frameworks and standards from NIST SP 800-218

| Framework | References |
|---|---|
| BSA FSS | SI.2-1, SI.2-2, LO.1 |
| BSIMM | SFD1.1, SFD2.1, SFD3.2, SR1.1, SR3.4 |
| EO 14028 | 4e(ix) |
| IEC 62443 | SD-1, SD-4 |
| Microsoft SDL | 5 |
| OWASP ASVS | 1.1.6 |
| OWASP SAMM | SA2-A |
| SAFECode FPSSD | Standardize Identity and Access Management; Establish Log Requirements and Audit Practices |
