Design

Design progresses once all requirements have been documented. Requirements drive specific design decisions.

Systems are typically decomposed into manageable units—for example, Computer Software Configuration Items (CSCIs). CSCIs allocate functional and security requirements to hardware and software design components.

The design process results in a documented set of architectural descriptions such as the Software Design Document (SDD), the Hardware Design Document (HDD), and the System Design Document (SDD). When each of the applicable documents is finalized and the gate has been passed, the team(s) is/are ready to implement.

This phase is a good time for the security team to work on maturing the security test plan and procedures, which will be used to ensure that the system operates securely—likely during a dedicated test event.