top of page

Security Standards

ISAUnited's Standards is a collection of relevant, experience-based knowledge and expert advice on security architecture management, analysis, design, delivery artifacts, and more, you’ll find:

  • essential knowledge based on deep experience

  • expert advice that is immediately usable

  • new content and recent updates to definitive articles

Image by Jason Goodman

NEW Standards Alignment with NIST and ISO

ISAUnited announces the integration project with the internationally recognized standards of NIST and ISO, embracing global foundational security architecture standards.

Our dedicated Task Group and its members are actively collaborating to progress and align security architecture standards on a global scale. ISAUnited is partnering with established standards development organizations, actively contributing to the creation of control standards and engaging in the planning of new initiatives related to security architecture and engineering standards.  Publish dates will be 2024.

Library_website_pic.PNG

ISAUnited's Complimentary Content

Security Principle:

Proactive Weakest Link Discovery-RP-203

Date:

2024

The primary objective of this principle is to empower security architects to systematically identify and fortify the weakest links within the organizational architecture, including infrastructure and network components. The focus is on developing a comprehensive understanding of potential vulnerabilities and points of exploitation that could compromise the security posture of the organization.

Task Group: ISAU-TG14- 2023

Weakest_link_cover.PNG

Security Principle:

Threat Intelligence Preparation-RP-212

Date:

2024

Security architects must possess an intimate understanding of potential adversaries, and technical exigencies underscore the significance of this knowledge in navigating the broader threat landscape. Technical acumen regarding potential attackers' motives, tactics, and techniques is indispensable for preemptively addressing vulnerabilities. This proactive and technically informed approach fortifies the organization's resilience and ensures that security strategies are intricately adaptive to the ever-shifting contours of cyber threats.

Task Group: ISAU-TG14- 2023

Threat_Intel_cover.PNG

Security Principle:

Minimize Your Attack Surface-RP-215

Date:

2024

Understanding the attack surface in this context involves a meticulous examination of potential entry points, vulnerabilities, and avenues for exploitation that may be accessible from the internet. By scrutinizing the attack surface of these assets, organizations can identify and prioritize security measures to fortify against external threats. This encompasses securing exposed ports, validating user inputs, implementing robust access controls, and regularly assessing for vulnerabilities.

Task Group: ISAU-TG14- 2023

Minimize_ASM_cover.PNG

Security Principle:

Know Your Architecture-RP-216

Date:

2024

Technical architecture encompasses infrastructure, networks, and associated components and systems.  This recommended principle (RP) establishes the base requirements of architecture security for organizations that design, operate, implement, and support architecture for use in on-premises, cloud, and or hybrid. This RP provides security practitioners with an enhanced framework to reveal and manage risk, promote a learning environment, and continually improve architecture security and integrity by using this principle.

Task Group: ISAU-TG14- 2023

RP-216

Security Principle:

Structured Layered Defense-RP-208

Date:

2024

TPrioritizing the imperative to ‘Structured Layered Defenses aka Defense in Depth’, this approach centers on identifying segments within an organization's architecture, particularly its infrastructure, and network. Due to potential Internet security risks occurring at various levels, you need to set up security measures that provide multiple layers of defense against these risks.  This RP provides security practitioners with an enhanced framework to reveal and manage risk, promote a learning environment, and continually improve architecture security and integrity by using this principle.

Task Group: ISAU-TG14- 2023

Defense_depth_cover.PNG

Security Operational Tool:

Security Tool Lifecycle Template

Date:

2024

Security Tool Lifecycle, this term encompasses the entire life cycle of a security tool, including its purpose, configuration, calibration standards, and maintenance history. It reflects the proactive and continuous nature of documenting key aspects of security tools, serving as a valuable resource for audits and troubleshooting throughout their operational life.

ToolLifecycle_cover_pic.PNG

Foundational Standard:

Security Architect Body of Knowledge (SABOK) 1st Edition.

Date:

2023 (Post Poned 2024)

ISAUnited's first Task Order 1 team for 2022 has been selected and assigned the responsibility of the strategy and planning of the BOK.

Security Architecture BOK

Security Principle:

The Defense in Depth Principle (Revision required)

Date:

2023

How Network and Cloud Use Defense in Depth:

Network and cloud use Defense in Depth by implementing multiple safeguard layers to help prevent security breaches.

Task Group: ISAU-TG14- 2023

Defense in Depth security principle
Logo-12.png

Library

Publications 

ISAU Library is your platform for the latest in security architecture design and practice. This core collection covers all technical areas of security architecture. ISAU’s Library includes:

Foundational and Technical Standards

E-books

Journals

Manuals and Reports

and more.

ISAU continues to respond to practitioners’ needs for reliable professional tools.  We will continue to share updates on our standards transformation. 

 

Join our community today!

Working Together

Get Involved

The ISAUnited Standards process relies on public feedback and participation, so it’s only fitting that we give you multiple ways to contribute to the development of our standards.

Business Meeting

Join ISAUnited for the professional support and growth that you won't find anywhere else

ISAUnited gives you the best professional and technical resources.

bottom of page