Security Requirements Questionnaire
8/18/2019 Security Requirements Questionnaire
1/6
Security Development Lifecycle Template: Security Requirements Questionnaire

Sample criteria and format for creating a custom security requirements questionnaire for an SDL project.
For the latest information, please see http://www.microsoft.com/sdl.

This document is provided "as-is." Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.

© 2011 Microsoft Corporation. All rights reserved.

Licensed under Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported (http://creativecommons.org/licenses/by-nc-sa/3.0/)

Microsoft and Windows are trademarks of the Microsoft group of companies.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
During the Requirements Phase of a Security Development Lifecycle (SDL) project, the development organization should develop and answer a short questionnaire to determine which SDL practices should be adopted based on the features and intended use of the application being developed.

The Microsoft SDL team has provided this basic list of criteria to help organizations begin thinking about security requirements in their projects. This list is derived from the SDL Process Guidance: Introduction. It provides a starting point for creating your own security questionnaire by identifying the features, functionality, and usage scenarios that most commonly a Messenger.

o Designed to be online. Browser or mail applications that expose Internet functionality, such as Microsoft Outlook® or Internet Explorer®.
o Exposed online. Components that are routinely accessible through other products that interact with the Internet, such as Microsoft ActiveX® controls or PC-based games with multiplayer online support.
• Any software release that automatically downloads updates.
• Any software release that accepts and/or processes data from an unauthenticated source, including:

Note: This sample document provides some criteria to consider when building a security requirements questionnaire. The content presented outlines basic criteria to consider when creating security processes. It is not an exhaustive list of activities or criteria, and it should not be treated as

http://msdn.microsoft.com/en-us/library/cc307406.aspx

o Callable interfaces that "listen."
o Functionality that parses any unprotected file types should be limited to system administrators.
• Any release that contains ActiveX controls.
• Any release that contains COM controls.