Principle 11 - Employ Defence in Depth
Detail
Architectures should be designed and implemented in layers, so that a breach or circumvention of any individual security control does not result in a compromise: multiple, diverse security barriers should stand in the path between an attacker and the target.
The principle of 'no single point of security failure' should be applied to all aspects of solution design, process and procedure, including service operational aspects.
Secure the weakest link
Security controls should be consistently applied at their strongest where threat modelling and attack surface analysis identify the greatest weakness and exposure.
Decision Evaluation Criteria:
- Has an attack surface evaluation and threat modelling exercise been performed which identifies likely attack vectors?
- Does the design demonstrate multiple (i.e. at least two) diverse security controls which are effective in every anticipated threat scenario?
- Do the security controls demonstrate diversity of approach, requiring different skills and resources to attempt to breach them?
- Are security penetration tests repeatedly planned and executed which demonstrate and assure the effectiveness of controls (including any necessary reparative actions)?
Basis
- NIST 16 - Implement layered security (No single point of vulnerability)
- NIST 18 - Provide assurance that the system is, and continues to be, resilient in the face of expected threats
- NIST 19 - Limit or contain vulnerabilities
- NIST 30 - Implement security through a combination of measures distributed physically and logically
- CSSLP - Employ defence in depth
- CSSLP - Secure the weakest link
- OWASP 13 - Malicious controls