Microsoft SDL Mapping
Microsoft's new SDL is fully covered by TSS-WEB.
SDL Practice | TSS-WEB Coverage |
---|---|
Establish security standards, metrics, and governance | This is what TSS-WEB itself is about. |
Require use of proven security features, languages, and frameworks | Covered in A.2.3 - Secure Design. |
Perform security design review and threat modeling | Covered in A.2 - Secure Development Process. |
Define and use cryptography standards | Covered in B.10 - Data Security. |
Secure the software supply chain | Covered in A.2 - Secure Development Process as well as in A.4 - Outsourced Development. |
Secure the engineering environment | Covered in A.1 - Secure Dev Environment. |
Perform security testing | Covered in A.3 - Security Tests. |
Ensure operational platform security | Covered in A.5 - Secure Operation. |
Implement security monitoring and response | Covered in A.5.8 - Security Monitoring and Alerting and A.5.11 - Incident Management. |
Provide security training | Covered in Roles. |