Skip to main content
SEA

Secure Engineering & Architecture

44 controls

Utilize industry-recognized secure engineering and architecture principles to deliver secure and resilient systems, applications and services.

SCF # Control Name Weight NIST CSF Frameworks
SEA-01 Secure Engineering Principles 10 — Critical Govern 174
SEA-01.1 Centralized Management of Cybersecurity & Data Protection Controls 9 — Critical Protect 46
SEA-01.2 Achieving Resilience Requirements 4 — Medium Protect 15
SEA-01.3 Resilience Capabilities 5 — Medium Protect 2
SEA-02 Alignment With Enterprise Architecture 9 — Critical Protect 135
SEA-02.1 Standardized Terminology 3 — Low Protect 38
SEA-02.2 Outsourcing Non-Essential Functions or Services 3 — Low Protect 3
SEA-02.3 Technical Debt Reviews 9 — Critical Protect 8
SEA-03 Defense-In-Depth (DiD) Architecture 10 — Critical Protect 110
SEA-03.1 System Partitioning 8 — High Protect 8
SEA-03.2 Application Partitioning 8 — High Protect 30
SEA-04 Process Isolation 7 — High Protect 36
SEA-04.1 Security Function Isolation 7 — High Protect 19
SEA-04.2 Hardware Separation 7 — High Protect 4
SEA-04.3 Thread Separation 7 — High Protect 4
SEA-04.4 System Privileges Isolation 5 — Medium Protect 1
SEA-05 Information In Shared Resources 8 — High Protect 43
SEA-06 Prevent Program Execution 8 — High Protect 20
SEA-07 Predictable Failure Analysis 5 — Medium Protect 15
SEA-07.1 Technology Lifecycle Management 7 — High Protect 64
SEA-07.2 Fail Secure 8 — High Protect 21
SEA-07.3 Fail Safe 8 — High Protect 9
SEA-08 Non-Persistence 9 — Critical Protect 7
SEA-08.1 Refresh from Trusted Sources 5 — Medium Protect 9
SEA-09 Information Output Filtering 8 — High Protect 7
SEA-09.1 Limit Personal Data (PD) Dissemination 8 — High Protect 2
SEA-10 Memory Protection 8 — High Protect 28
SEA-11 Honeypots 3 — Low Protect 10
SEA-12 Honeyclients 3 — Low Protect 7
SEA-13 Heterogeneity 3 — Low Protect 11
SEA-13.1 Virtualization Techniques 6 — Medium Protect 10
SEA-14 Concealment & Misdirection 2 — Low Protect 9
SEA-14.1 Randomness 5 — Medium Protect 6
SEA-14.2 Change Processing & Storage Locations 5 — Medium Protect 7
SEA-15 Distributed Processing & Storage 4 — Medium Protect 34
SEA-16 Non-Modifiable Executable Programs 1 — Low Protect 6
SEA-17 Secure Log-On Procedures 8 — High Protect 5
SEA-18 System Use Notification (Logon Banner) 9 — Critical Protect 50
SEA-18.1 Standardized Microsoft Windows Banner 9 — Critical Protect 14
SEA-18.2 Truncated Banner 9 — Critical Protect 14
SEA-19 Previous Logon Notification 3 — Low Protect 6
SEA-20 Clock Synchronization 9 — Critical Protect 45
SEA-21 Application Container 5 — Medium Protect 4
SEA-22 Privileged Environments 5 — Medium Protect 2

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.

Manage SCF Controls in SCF Connect

Streamline your compliance program with automated control tracking, evidence management, and framework mapping.