Skip to content

Navigation Menu

Explore
By size
By industry
By use case
Resources
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

cisagov / LME Public

Notifications You must be signed in to change notification settings
Fork 60
Star 764

Code
Issues 113
Pull requests 5
Discussions
Actions
Projects 1
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Discussions
Actions
Projects
Security
Insights

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create a mapping of Secure by Design requirements #329

Open

2 of 20 tasks

mitchelbaker-cisa opened this issue Jun 5, 2024 · 0 comments

Open

2 of 20 tasks

Create a mapping of Secure by Design requirements #329

mitchelbaker-cisa opened this issue Jun 5, 2024 · 0 comments

Assignees

Milestone

Comments

Copy link

Collaborator

mitchelbaker-cisa commented Jun 5, 2024 •

edited

Loading

Is your feature request related to a problem? Please describe.

Create a mapping of Secure by Design requirements and how these relate to new features planned for LME 2.0.

Describe the solution you'd like

Secure by Design principles:

Memory safe programming languages (Go, Python, Podman and memory safe containers?)
Secure Hardware Foundation
Secure Software Components
Web template frameworks (N/A) (does elastic have preventative measures against XSS)
Parameterized queries
Static and dynamic application security testing (SAST/DAST)
Code review
Software Bill of Materials (SBOM)
Vulnerability disclosure programs
CVE completeness
Defense-in-depth
Satisfy Cybersecurity Performance Goals (CPGs)

Secure by Default principles:

Eliminate default passwords
Mandate MFA
SSO
Secure logging
Software authorizatino profile
forward-looking security over backwards compatibility
track/reduce "hardening guide" size
Consider user experience consequences of security settings

Additional context

Secure by Design pdf

The text was updated successfully, but these errors were encountered:

All reactions

mitchelbaker-cisa added this to the LME 2.0 milestone

mitchelbaker-cisa assigned Roger-CISA and mitchelbaker-cisa

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Assignees

mitchelbaker-cisa

Labels

None yet

Projects

LME-Development

Status: 🆕 Product Backlog

Milestone

LME 2.0

Development

No branches or pull requests

2 participants

Footer

© 2024 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.