SEA-03
Defense-In-Depth (DiD) Architecture
Description
Mechanisms exist to implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers.
Control Question
Does the organization implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers?
Control Metadata
Domain: Secure Engineering & Architecture
Validation Cadence: Annual
Evidence Request List: E-TDA-04 E-TDA-09
Framework Mappings
This control maps to the following compliance frameworks:
APRA CPS234
1518
MAS TRM
5.6.1 5.6.2 5.6.3 11.2.8
HKIA GL20
3.1 3.2 3.3 3.4
