Controls
Enable authorization, traceability, and non-repudiation
Separate and protect each environment involved in software development (i.e., development, build, test, deployment, model training)
Controlling access to resources where permitted actions on resources are identified with roles rather than with individual subject identities; provide traceability between actors and actions
Limit the information flow across trust boundaries to participants in the supply chain
Provide the starting point for tracking changes to components, code, and settings throughout the SDLC
Prevent the tapering of information systems and networks through the monitoring of changes to configuration settings.
Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system.
Limit the impact if a key is compromised.
Reduce the number of potential entry points for a hacker, as well as the attack surface.
Provide the foundation for secure operations of a computing system