Microsoft SDL Mapping
Microsoft's new SDL is fully covered by TSS-WEB.

| SDL Practice | TSS-WEB Coverage | 
|---|---|
| Establish security standards, metrics, and governance | This is what TSS-WEB as a whole is about. |
| Require use of proven security features, languages, and frameworks | Covered in A.2.3 - Secure Design. |
| Perform security design review and threat modeling | Covered in A.2 - Secure Development Process. | 
| Define and use cryptography standards | Covered in B.10 - Data Security. | 
| Secure the software supply chain | Covered in A.2 - Secure Development Process as well as in A.4 - Outsourced Development. | 
| Secure the engineering environment | Covered in A.1 - Secure Dev Environment. |
| Perform security testing | Covered in A.3 - Security Tests. | 
| Ensure operational platform security | Covered in A.5 - Secure Operation. | 
| Implement security monitoring and response | Covered in A.5.8 - Security Monitoring and Alerting and A.5.11 - Incident Management. |
| Provide security training | Covered in Roles. |