16.10: Apply Secure Design Principles in Application Architectures
CSF v1.1 References:
PF v1.0 References:
Control is new to this version of the control set and incorporates the following control from the previous version: 18.2: Ensure That Explicit Error Checking is Performed for All In-House Developed Software.
Control Statement
Apply secure design principles in application architectures. Secure design principles include the concept of least privilege and enforcing mediation to validate every operation that the user makes, promoting the concept of "never trust user input." Examples include ensuring that explicit error checking is performed and documented for all input, including for size, data type, and acceptable ranges or formats. Secure design also means minimizing the application infrastructure attack surface, such as turning off unprotected ports and services, removing unnecessary programs and files, and renaming or removing default accounts.
[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]