Security aspect
The security aspect describes how trust is realized: identity, access, assurance, and compliance constraints that shape a system.
What this aspect answers
Section titled “What this aspect answers”- Who can access what, and under which conditions?
- How do we protect data and verify integrity?
- What must be auditable, and what must be provable?
Organization
Section titled “Organization”- Clear ownership for security decisions and exceptions.
- Accountability for access requests and reviews.
Process
Section titled “Process”- Risk-based controls and periodic review.
- Incident response and evidence handling.
Technique
Section titled “Technique”- Identity/authentication/authorization and least privilege.
- Audit trails, encryption, and network boundaries.
Operationalization (where to go next)
Section titled “Operationalization (where to go next)”- Policies and controls: How we work → Policies
- Access and operational security procedures: Run & Support
- Identity and access concepts: Architecture → Container archetypes