Security Domain Architecture Principles and Recommendations


Contents

Technology Categories
Domain Principles
Existing Security Practices Governing AdCom Activity
Security Advisories and Vulnerabilities
Product/Technology Lifecycle Matrix
Best Practices

Security/Privacy Domain Technology Categories

Principles for the Security Architecture Domain

  1. Education and Awareness
  2. The Security Architecture must facilitate proper and efficient identification, authentication, authorization, administration and auditability and adhere to the general architecture outlined in User Management and Access Control Architecture.
  3. Centralize security policy, maintenance operation and oversight functions.
  4. Delegate access control where appropriate.
  5. Security will be commensurate with the business need/mandate and risk. Risk analysis should decide if the cost for security protection is appropriate to the level of security required.
  6. Minimize the number of security devices.
  7. Consider security during initial system design.
  8. Security should ensure but not impede connectivity.
  9. Assign security levels consistently and at the lowest level of access required by the individual.
  10. Provide a modular approach to authentication, authorization, and accounting.
  11. Provide for authentication models of various strengths.
  12. Provide for portability across platforms.
  13. Utilize Open Standards.
  14. Support multiple interfaces to the security infrastructure.
  15. The Security Architecture must be flexible to support the introduction and/or integration of new technologies.
  16. Ensure that the accountability and responsibility of all persons fulfilling security duties is sustainable and enforceable.
  17. The Security Architecture must address and support multiple levels of protection, including network level, operating system, and application level security needs.

Existing Security Practices Governing AdCom Activity

Security Advisories, Vulnerabilities and Checklists

Product/Technology Life Cycle Matrix

Best Practices


Maintained by Josh Drummond / Last Modified 9/9/2008