| ID | Name | Implementation Groups | Threats |
|---|---|---|---|
| 16.10 | Apply Secure Design Principles in Application Architectures | | STRIDE-LM |
| 16.11 | Leverage Vetted Modules or Services for Application Security Components | | STRIDE-LM |
| 16.12 | Implement Code-Level Security Checks | | STRIDE-LM |
| 16.13 | Conduct Application Penetration Testing | | STRIDE-LM |
| 16.14 | Conduct Threat Modeling | | STRIDE-LM |
| 17 | Incident Response Management | | STRIDE-LM |
| 17.1 | Designate Personnel to Manage Incident Handling | | STRIDE-LM |
| 17.2 | Establish and Maintain Contact Information for Reporting Security Incidents | | STRIDE-LM |
| 17.3 | Establish and Maintain an Enterprise Process for Reporting Incidents | | STRIDE-LM |
| 17.4 | Establish and Maintain an Incident Response Process | | STRIDE-LM |
| 17.5 | Assign Key Roles and Responsibilities | | STRIDE-LM |
| 17.6 | Define Mechanisms for Communicating During Incident Response | | STRIDE-LM |
| 17.7 | Conduct Routine Incident Response Exercises | | STRIDE-LM |
| 17.8 | Conduct Post-Incident Reviews | | STRIDE-LM |
| 17.9 | Establish and Maintain Security Incident Thresholds | | STRIDE-LM |
| 18 | Penetration Testing | | STRIDE-LM |
| 18.1 | Establish and Maintain a Penetration Testing Program | | STRIDE-LM |
| 18.2 | Perform Periodic External Penetration Tests | | STRIDE-LM |
| 18.3 | Remediate Penetration Test Findings | | STRIDE-LM |
| 18.4 | Validate Security Measures | | STRIDE-LM |
| 18.5 | Perform Periodic Internal Penetration Tests | | STRIDE-LM |