|
2.6.4
|
Data protection methods (e.g., Digital Rights Management (DRM), Data Loss Prevention (DLP), Cloud Access Security Broker (CASB))
|
5
|
|
Domain 3
|
Security Architecture and Engineering
|
|
|
3.1
|
Research, implement and manage engineering processes using secure design principles
|
1, 8, 9, 16
|
|
3.1.1
|
Threat Modeling
|
1
|
|
3.1.2
|
Least Privilege
|
16
|
|
3.1.3
|
Defense in Depth
|
1
|
|
3.1.4
|
Secure defaults
|
8
|
|
3.1.5
|
Fail securely
|
8
|
|
3.1.6
|
Separation of duties (SoD)
|
16
|
|
3.1.7
|
Keep it simple
|
8
|
|
3.1.8
|
Zero Trust
|
8
|
|
3.1.9
|
Privacy by design
|
8
|
|
3.1.10
|
Trust but verify
|
8
|
|
3.1.11
|
Shared responsibility
|
9
|
|
3.2
|
Understand the fundamental concepts of security models (e.g., Biba, Star Model, Bell-LaPadula)
|
8
|
|
3.3
|
Select controls based upon systems security requirements
|
8
|
|
3.4
|
Understand security capabilities of Information Systems (IS) (e.g., memory protection, Trusted Platform Module (TPM), encryption/decryption)
|
8
|
|
3.5
|
Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
|
9, 16, 20
|
|
3.5.1
|
Client-based systems
|
9
|
|
3.5.2
|
Server-based systems
|
9
|
|
3.5.3
|
Database systems
|
20
|
|
3.5.4
|
Cryptographic systems
|
7
|
|
3.5.5
|
Industrial Control Systems (ICS)
|
9
|
|
3.5.6
|
Cloud-based systems (e.g., Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS))
|
16
|
|
3.5.7
|
Distributed systems
|
9
|
|
3.5.8
|
Internet of Things (IoT)
|
9
|
|
3.5.9
|
Microservices
|
9
|
|
3.5.10
|
Containerization
|
9
|
|
3.5.11
|
Serverless
|
9
|
|
3.5.12
|
Embedded systems
|
9
|
|
3.5.13
|
High-Performance Computing (HPC) systems
|
