Licensing Model
Annual subscription based on the number of applications being managed within SD Elements.

Deployment Options
Dedicated SaaS, Shared Cloud SaaS, On-Premise Deployment

Single Sign-On (SSO)
LDAP/Active Directory, SAML, Trusted Authentication

Expert Security and Compliance Content Library

Internet of Things (IoT)
- Consumer IoT: ETSI EN 303 645
- Authentication and Access Control
- Availability and Systems DoS Protection
- Communication Protocols
  - Bluetooth, HyperCat, MQTT, Pub/Sub, Thread, WiFi, XMPP, ZigBee
- RFID Solutions
- OWASP IoT Top 10 (OWASP IoT Attack Surface [Archived])

AI, ML, and LLMs*
- NIST AI Risk Management Framework (RMF)
- OWASP Top 10 for Large Language Model Applications
- ML Security: OWASP ML Security Top Ten and ENISA Security ML Algorithms
- AWS SageMaker

*Artificial Intelligence (AI), Machine Learning (ML) and Large Language Models (LLMs)

Automotive Security
- Connected cars: communication protocols, secure update, privacy, access control, and encryption requirements
- UNECE WP.29/R155 and ISO 21434
- ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering

Regulatory and Compliance
- ANSI/ISA/IEC 62443-3-3
- ANSI/ISA/IEC 62443-4-2
- ANSSI/France Digital Signature and Encryption Requirements
- Chinese Cybersecurity Law
- CNSSI 1253
- CSA Cloud Controls Matrix (CCM) v3 & v4
- Cybersecurity Maturity Model Certification (CMMC) [v1 and v2]
- DIACAP
- European Banking Authority (EBA) Security of Internet Payments
- FedRAMP
- GLBA
- HIPAA
- ISASecure SSA 311
- ISASecure CSA 311
- ISO 27001:2013/SOX
- ISO 27001:2022/SOX
- MAS-TRMG
- NIST Cybersecurity Framework
- NYDFS
- Anti-Spam Guidelines/CASL
- Brazilian LGPD
- California Consumer Privacy Act (CCPA)
- California Privacy Rights Act (CPRA) (California Civil Code)
- California Online Privacy Protection Act (CalOPPA)
- CNIL Cookie Guidelines
- COPPA
- EU Privacy and Cookie Laws
- GAPP
- GDPR (EU and UK)
- New York SHIELD Act (S5575B)
- NIST 800-53 Privacy Controls
- PA-DSS 3.2
- PCI DSS 4, PCI DSS 3.2
- PIPEDA/ECPA/CAN-SPAM
- SOC 2 (based on AICPA Trust Services Criteria)

Industry Standards
- ASD-STIG 5
- ASVS 4.0
- CVSS
- CWE 4.13
- CWE Top 25, 2023
- MDS2-2013
- OWASP Top 10 2017
- OWASP Top 10 2021
- OWASP API Top 10, 2023
- OWASP Top 10 Privacy Risks v2.0
- Secure Controls Framework (SCF)
- PCI SSF: SSLC (1.1) & S3 (1.0)
- DISA Control Correlation Identifier (CCI) Framework
- NIST 800-147/800-155 BIOS/Firmware
- NIST 800-171 Nonfederal Systems
- NIST 800-53r4 (Granular Mandates)
- NIST 800-53r5
- NIST 800-82 Industrial Control Systems
- NIST 800-95 Web Services
- NIST 800-190 Containers
- NIST 800-218 SSDF
- NISTIR 8397 (Verification Requirements)
- EO 14028: NIST Critical Software Requirements
- Consumer IoT: ETSI EN 303 645

Web Applications and Services
- Angular
- Apex for Force.com
- C#/ASP.NET (.NET 6, WCF and Core 3)
- Django (Python)
- Go (Golang)
- HTML5 and CSP
- Java Libraries and Frameworks: ESAPI, Struts, Spring, Apache Wicket, Hibernate
- Java SE / EE
- JavaScript
- TypeScript

Operational and Deployment Security
- Process-level Cloud Security Guidelines
- Provider-agnostic Story-driven Cloud Content
- Amazon Web Services (AWS): Foundations and 3-Tier, Story-driven Countermeasures
  - AWS services covered: AMI, API Gateway, Aurora, Auto Scaling, CloudFront, CloudWatch, Cognito, Config, DynamoDB, EBS, EC2, ECS, EKS, ELB, IAM, Kinesis Data Firehose, Kinesis Data Streams, KMS, Lambda, RDS, Route 53, S3, SageMaker, SNS, SQS, VPC, WAF
- Microsoft Azure
- Google Cloud Platform
- Apache HTTP Server
- Apache Tomcat Server
- Docker

Just-in-time Training

Mainframe Applications

Client and Desktop Applications

Mobile Applications

Hardware Security
- Hardware weaknesses (based on CWE 4.3)
- Hardware, firmware, and embedded device controls
- Bluetooth Security

Support for additional content and regulations, including organization-specific detail, may be achieved via customization.

Integrations

Issue Tracker Integrations
- Atlassian Jira
- Broadcom Rally (formerly CA Agile Central)
- GitHub
- GitLab
- IBM Rational Collaborative Lifecycle Management (IBM Rational Team Concert)
- Micro Focus (HP) Quality Center / ALM
- Microsoft Azure DevOps and Azure DevOps Server
- Pivotal Tracker
- ServiceNow
- Digital.ai Agility (formerly VersionOne)

Security Tool Integrations
- Black Duck
- Checkmarx
- Coverity
- Fortify on Demand
- HCL (IBM) AppScan Enterprise
- Klocwork
- Micro Focus (HP) Fortify SSC
- Nessus
- OWASP Dependency-Track
- SonarQube
- ThreadFix
- Prisma Cloud (formerly Twistlock)
- Veracode
- WhiteHat Sentinel
- Mend (formerly WhiteSource)
- Snyk
- HCL (IBM) AppScan on Cloud (ASoC)
- HCL (IBM) AppScan Source
- HCL (IBM) AppScan Standard
- Micro Focus (HP) WebInspect
- OWASP Dependency-Check

DevOps Tool Integrations

Project Integrations
- Structured data (JSON, CSV, Google Sheets, ODBC)
- Unstructured text (keywords, regular expressions)
- Source code (C#, Go, Objective-C, Java, JavaScript, PHP, Python, Ruby, Swift)

GRC Platform Integrations

Support for additional integrations may be achieved via custom plug-ins.

Support Plans
Well-considered implementation plans and ongoing support, right-sized to each organization’s needs for the successful rollout and adoption of SD Elements.
- Base: for mid-size companies with 10-25 projects
- Standard: for larger organizations with 25-500 projects and more than one development team
- Premium: for companies with 500+ projects, complex requirements, and numerous development teams