Technical, Results-Focused, and Beyond Compliance
ISAUnited Prepares to Launch the Cybersecurity Industry’s First Technical Architecture and Engineering Standards.
ISAUnited is finalizing the development of the Defensible 10 Standards (D10S) — the first true engineering framework dedicated exclusively to cybersecurity architecture and engineering. Built on measurable design criteria, system integrity principles, and verifiable security-by-design, these standards move beyond compliance checklists to deliver actionable, defensible engineering clarity for securing complex digital environments.
The forthcoming release will provide engineering-grade standards for architects, engineers, and organizational teams who build, validate, and manage secure systems. Each standard defines technical requirements, design specifications, and validation methods that bridge the long-standing gap between governance frameworks and real-world engineering practice—strengthening security where it matters most.
Coming FALL 2025
About The D10S Project
The Defensible 10 Standards Project (D10S) establishes a unified, 'one voice', engineering-based framework for cybersecurity. Each Parent Standard defines the core architecture, requirements, and measurable technical specifications for a specific security domain.
Together, they form the foundation for defensible, testable, and interoperable enterprise security components, systems, and systems-of-systems.
Open Season: Each year, technical practitioners are invited to develop and submit Sub-Standards that expand and strengthen each Parent Standard.
This free, open contribution process ensures that the Defensible 10 Standards remain technically current, adaptable to emerging technologies, and reflective of real-world engineering practices, helping the cybersecurity architecture and engineering community continuously advance and modernize the profession.
A Global Community Advancing Cybersecurity as a True Engineering Discipline
To make the Defensible 10 Standards freely accessible to practitioners and organizations worldwide, ISAUnited has launched Defensible10.org. The official open-access platform for cybersecurity architecture and engineering standards.
Through Defensible10.org, users can:
-
Download the latest Defensible 10 Standards (D10S) publications.
-
Participate in Open Season to develop and submit new Sub-Standards.
-
Access peer-reviewed guidance, engineering templates, and contributor resources.
Our Manifesto Statement
“As cybersecurity threats grow more complex, securing our digital infrastructure becomes a moral imperative. ISAUnited is committed to building robust, engineering-driven standards that empower security architects, engineers, and organizations to protect what matters most. Guided by our philosophy of clarity, discipline, and practicality, we aim to create standards that are technically rigorous, accessible, and actionable for professionals across the industry. To achieve this, we ensure collaboration with organizations across all industries and academic institutions, uniting diverse perspectives to foster innovation and inclusivity. Our approach ensures that robust security is achievable without unnecessary complexity, fostering confidence and consistency in cybersecurity architecture.”
Closing the Gaps: Engineering Change in Cybersecurity
The cybersecurity industry has long struggled with a critical gap: the absence of technical, architectural, and engineering standards that are consistent, actionable, and applicable across all sectors.
ISAUnited’s research shows that while longstanding frameworks such as ISO and NIST have provided essential, policy-level foundations, the industry has relied on them too long as the sole reference point. As cybersecurity threats evolve and systems grow more complex, it is time for the profession to mature—to take the reins and introduce standards explicitly built for technical implementation, architectural precision, and engineering clarity.
This ongoing reliance on high-level and often fragmented standards has created a disconnect between compliance and actual security posture. Fragmentation, rapid vendor consolidation, and diverse regulatory landscapes further complicate adopting a unified, defensible approach that extends from conceptual policy into detailed engineering practice.
To close this gap, ISAUnited is preparing to launch the Defensible Standards—a new class dedicated to cybersecurity architecture and engineering. These forthcoming standards are designed to complement existing frameworks, not replace them—providing the technical structure and depth needed for measurable, defensible, and resilient design.
This is not just a shift in thinking—it’s the beginning of engineering change for a more secure digital future.
Unified Security Through Standards Leadership
ISAUnited has launched a bold new initiative: the ISAUnited Standards Program, a groundbreaking effort dedicated to building and maintaining cybersecurity architecture and engineering standards that move the industry beyond policy and into practical, defensible implementation.
The ISAU Research Center drives this program, the institute’s innovation hub focused on bridging research, real-world application, and standardization. Through ongoing analysis, technical development, and collaboration, ISAUnited establishes a common language for cybersecurity architecture and engineering—uniting security professionals across sectors with a shared foundation of measurable, technical standards.
More than just a campaign, this is a coordinated movement. The Standards Program is designed to elevate practitioners, bring alignment to fragmented practices, and offer a credible platform where security architects, engineers, and risk leaders speak with one voice. ISAUnited will continue working closely with industry partners, regulatory bodies, and academic institutions to ensure every standard reflects both cutting-edge research and real-world defensibility.
The future of cybersecurity demands unity—not just in awareness but in action. ISAUnited is leading that charge.
Quick Tip
We recommend that organizations start with ISO and NIST to establish a foundational security program and practices during the early stages of their cybersecurity program. As your organization matures, evolve into ISAUnited’s Defensible10 Technical Standards to engineer measurable, defensible systems beyond compliance.
Foundational Standards
ISAUnited encourages organizations with emerging cybersecurity programs (1–3 years) to adopt well-established foundational standards such as ISO and NIST. These high-level frameworks offer essential guidance for building initial governance structures, security strategies, and architectural principles—serving as the starting point for designing more defensible systems as maturity evolves.
Technical Standards
Technical Standards provide precise, implementation-level guidance for organizations with maturing cybersecurity programs (3+ years). This is where Defensible10 comes into play—offering detailed, engineered standards for applying security architecture and engineering practices at scale. These standards help bridge the gap between security design and operational execution, enabling measurable, defensible outcomes across complex environments.
NEW Standards Alignment with NIST and ISO
ISAUnited has successfully implemented its initiative to align cybersecurity architecture and engineering standards with globally recognized frameworks, including NIST and ISO. These foundational standards remain vital for emerging cybersecurity programs, and ISAUnited fully supports their continued use. However, with the introduction of the Defensible10 Standards, ISAUnited has taken the next step, delivering a purpose-built, technical framework that goes beyond compliance to address the architectural and engineering needs of maturing organizations.
This milestone was made possible through the dedicated work of ISAUnited’s Task Group and contributing members, who collaborated closely to ensure the standards are practical and globally relevant. As we move forward, ISAUnited will continue to partner with other standards development organizations and advance new initiatives that strengthen the future of security architecture and engineering. Publication of the Defensible10 Standards is scheduled for 2025.
Library
Publications
ISAU Library is your platform for the latest in security architecture design and practice. This core collection covers all technical areas of security architecture. ISAU’s Library includes:
Foundational and Technical Standards
E-books
Journals
Manuals and Reports
and more.
ISAU continues to respond to practitioners’ needs for reliable professional tools. We will continue to share updates on our standards transformation.
Join our community today!