| Secure Engineering Principles | Mechanisms exist to facilitate the implementation of industry-recognized cybersecurity & data privacy practices in the specification, design, development, implementation and modification of systems and services. | |
| Centralized Management of Cybersecurity & Data Privacy Controls | Mechanisms exist to centrally manage the organization-wide management and implementation of cybersecurity & data privacy controls and related processes. | |
| Achieving Resilience Requirements | Mechanisms exist to achieve resilience requirements in normal and adverse situations. | |
| Alignment With Enterprise Architecture | Mechanisms exist to develop an enterprise architecture, aligned with industry-recognized leading practices, with consideration for cybersecurity & data privacy principles that addresses risk to organizational operations, assets, individuals and other organizations. | |
| Standardized Terminology | Mechanisms exist to standardize technology and process terminology to reduce confusion amongst groups and departments. | |
| Outsourcing Non-Essential Functions or Services | Mechanisms exist to identify non-essential functions or services that are capable of being outsourced to external service providers and align with the organization's enterprise architecture and security standards. | |
| Defense-In-Depth (DiD) Architecture | Mechanisms exist to implement security functions as a layered structure minimizing interactions between layers of the design and avoiding any dependence by lower layers on the functionality or correctness of higher layers. | |
| System Partitioning | Mechanisms exist to partition systems so that partitions reside in separate physical domains or environments. | |
| Application Partitioning | Mechanisms exist to separate user functionality from system management functionality. | |
| Process Isolation | Mechanisms exist to implement a separate execution domain for each executing process. | |
| Security Function Isolation | Mechanisms exist to isolate security functions from non-security functions. | |
| Hardware Separation | Mechanisms exist to implement underlying hardware separation mechanisms to facilitate process separation. | |
| Thread Separation | Mechanisms exist to maintain a separate execution domain for each thread in multi-threaded processing. | |
| Information In Shared Resources | Mechanisms exist to prevent unauthorized and unintended information transfer via shared system resources. | |
| Prevent Program Execution | Automated mechanisms exist to prevent the execution of unauthorized software programs. | |
| Predictable Failure Analysis | Mechanisms exist to determine the Mean Time to Failure (MTTF) for system components in specific environments of operation. | |
| Technology Lifecycle Management | Mechanisms exist to manage the usable lifecycles of technology assets. | |
| Fail Secure | Mechanisms exist to enable systems to fail to an organization-defined known-state for types of failures, preserving system state information in failure. | |
| Non-Persistence | Mechanisms exist to implement non-persistent system components and services that are initiated in a known state and terminated upon the end of the session of use or periodically at an organization-defined frequency. | |
| Change Processing & Storage Locations | Automated mechanisms exist to change the location of processing and/or storage at random time intervals. | |
| Secure Log-On Procedures | Mechanisms exist to utilize a trusted communications path between the user and the security functions of the system. | |
| Clock Synchronization | Mechanisms exist to utilize time-synchronization technology to synchronize all critical system clocks. | |