Security Requirements Questionnaire


  • 8/18/2019 Security Requirements Questionnaire


    Security Development Lifecycle Template: Security Requirements Questionnaire

    Sample criteria and format for creating a custom security requirements questionnaire for an SDL project.


    For the latest information, please see http://www.microsoft.com/sdl.

    This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

    Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

    This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

    © 2011 Microsoft Corporation. All rights reserved.

    Licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported (http://creativecommons.org/licenses/by-nc-sa/3.0/)

    Microsoft and Windows are trademarks of the Microsoft group of companies.

    The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


    During the Requirements Phase of a Security Development Lifecycle (SDL) project, the development organization should develop and answer a short questionnaire to determine which SDL practices should be adopted based on the features and intended use of the application being developed.

    The Microsoft SDL team has provided this basic list of criteria to help organizations begin thinking about security requirements in their projects. This list is derived from the SDL Process Guidance: Introduction. It provides a starting point for creating your own security questionnaire by identifying the features, functionality, and usage scenarios that most commonly a Messenger.

    o Designed to be online. Browser or mail applications that expose Internet functionality, such as Microsoft Outlook® or Internet Explorer®.

    o Exposed online. Components that are routinely accessible through other products that interact with the Internet, such as Microsoft ActiveX® controls or PC-based games with multiplayer online support.

    • Any software release that automatically downloads updates.

    • Any software release that accepts and/or processes data from an unauthenticated source, including:


    Note: This sample document provides some criteria to consider when building a security requirements questionnaire. The content presented outlines basic criteria to consider when creating security processes. It is not an exhaustive list of activities or criteria, and it should not be treated as

    http://msdn.microsoft.com/en-us/library/cc307406.aspx


    o Callable interfaces that "listen."

    o Functionality that parses any unprotected file types should be limited to system administrators.

    • Any release that contains ActiveX controls.

    • Any release that contains COM controls.
