>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

16.10Apply Secure Design Principles in Application Architectures

IG2
IG3
Software
Protect

>Control Description

Apply secure design principles in application architectures. Secure design principles include the concept of least privilege and enforcing mediation to validate every operation that the user makes, promoting the concept of "never trust user input." Examples include ensuring that explicit error checking is performed and documented for all input, including for size, data type, and acceptable ranges or formats. Secure design also means minimizing the application infrastructure attack surface, such as turning off unprotected ports and services, removing unnecessary programs and files, and renaming or removing default accounts.

>Cross-Framework Mappings

SCF

SEA-01
Compare
SEA-01.1
Compare
SEA-02
Compare
TDA-05
Compare
TDA-06
Compare
WEB-07
Compare
WEB-08
Compare

>Relevant Technologies

Technology-specific guidance with authoritative sources and verification commands.

GitHub ActionsSonarQube

Ask AI

Configure your API key to use AI features.