Implement Security from the Start ("Shift Left" Security)

This standard mandates the implementation of security from the start ("shift left" security) to ensure security is embedded early in the software development lifecycle (SDLC).

1. Implement Security from the Start ("Shift Left" Security):

Security must be embedded early in the software development lifecycle (SDLC). This approach ensures proactive security measures and reduces vulnerabilities.

• 1.1 Threat Modelling and Risk Assessments:
  • 1.1.1 Design Phase Integration:
    • Integrate threat modelling and risk assessments into the design phase.
    • Automate the scheduling of threat modelling sessions.
  • 1.1.2 Assessment Management:
    • Automate the tracking of risk assessment results.
    • Implement assessment feedback collection.
• 1.2 Security Reviews:
  • 1.2.1 Architecture and Feature Reviews:
    • Require security reviews for architecture decisions and critical features.
    • Automate the scheduling of security reviews.
  • 1.2.2 Review Implementation:
    • Automate the review process for security aspects.
    • Implement review tracking.
• 1.3 Automated Security Testing:
  • 1.3.1 CI/CD Integration:
    • Automate static and dynamic security testing in CI/CD pipelines.
    • Automate the execution of security testing tools.
  • 1.3.2 Pipeline Integration:
    • Automate the integration of security test results into CI/CD pipelines.
    • Implement test reporting.

By implementing security from the start, organisations can ensure proactive security measures throughout the SDLC.

---