SD Elements Datasheet v2023.2

The SD Elements v2023 platform and its comprehensive content library are built for managing security, privacy, and compliance requirements for applications across many industries and within almost any development environment.

For additional information, please visit the SD Elements website.

Licensing Model

Annual Subscription based on the number of projects (excluding their subsequent releases) being managed within SD Elements.

Product Tiers

Professional, Enterprise

Deployment Options

Dedicated SaaS, Shared Cloud SaaS, On-Premise Deployment

Single Sign-On (SSO)

LDAP/Active Directory, SAML, Trusted Authentication

Expert Security and Compliance Content Library

Internet of Things (IoT)

  • Authentication and Access Control

  • Availability and Systems DoS Protection

  • Communication Protocols

    • AMQP, Bluetooth, HyperCat, MQTT, Pub/Sub, Thread, XMPP, WiFi, ZigBee

  • RFID Solutions

  • OWASP IoT Top 10 (OWASP IoT Attack Surface [Archived])

Automotive Security

  • Connected cars communication protocols, secure update, privacy, access control, and encryption requirements.

  • UNECE WP29/R155 and ISO 21434

  • ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering

Regulatory and Compliance:

  • ANSI/ISA/IEC 62443-3-3

  • ANSI/ISA/IEC 62443-4-2

  • ISASecure SSA 311

  • ISASecure CSA 311

  • Chinese Cybersecurity Law

  • Cloud Control Matrix

  • Cloud Security Alliance

  • CNSSI 1253

  • CSA Cloud Controls Matrix (CCM) v3 & v4

  • Cybersecurity Maturity Model Certification (CMMC) [v1 and v2]

  • DIACAP

  • FedRAMP

  • GLBA

  • HIPAA

  • ISO 27001:2013/SOX

  • NIST Cybersecurity Framework

  • NYDFS

  • PA-DSS 3.2

  • PCI DSS 4, PCI DSS 3.2

  • SOC2 (Based on AICPA Trust Services Criteria)

  • MAS-TRMG

  • European Banking Authority (EBA) Security of Internet Payments

  • ANSSI/France Digital Signature and Encryption Requirements

Privacy Related:

  • Anti-Spam Guidelines/CASL

  • Brazilian LGPD

  • California Consumer Privacy Act (CCPA)

  • California Privacy Rights Act (CPRA) (California Civil Code)

  • California Online Privacy Protection Act (CalOPPA)

  • CNIL Cookie Guidelines

  • COPPA

  • EU Privacy and Cookie Laws

  • GAPP

  • GDPR (& /UK)

  • New York Shield Act (S5575B)

  • NIST 800-53 Privacy Controls

  • PIPEDA/ECPA/CAN-SPAM

Industry Standards

  • ASD-STIG 5

  • ASVS 4.0

  • CWE Top 25, 2022

  • CVSS

  • CWE/SANS Top 25, 2020

  • CWE 4.3

  • MDS2-2013

  • OWASP Top 10 2017

  • OWASP Top 10 2021

  • OWASP API Top 10, 2019

  • OWASP Top 10 Privacy Risks v2.0

  • Secure Controls Framework (SCF)

  • PCI SSF: SSLC (1.1) & S3 (1.0)

  • DISA Control Correlation Identifier (CCI) Framework

  • NIST 800-147/800-155 BIOS/FW

  • NIST 800-171 Non Federal Systems

  • NIST 800-53r4 (Granular Mandates)

  • NIST 800-53r5

  • NIST 800-82 Industrial Control Systems

  • NIST 800-95 Web Services

  • NIST 800-190 Containers

  • NIST 800-218 SSDF

  • NISTIR 8397 (Verification Req.)

  • EO14028: NIST Critical Software Req.

Web Applications and Services

  • Angular

  • Apache Wicket, Hibernate

  • Apex for Force.com

  • C#/ASP.net (.NET 6, WCF and Core 3)

  • Django (Python)

  • ESAPI, Struts, Spring

  • GoLang

  • HTML5 and CSP

  • Java Libraries and Frameworks:

  • Java SE / EE

  • JavaScript

  • TypeScript

  • JSP, Servlets

  • NGINX

  • Node.js

  • NoSQL / SQL

  • OAuth and OIDC

  • PHP

  • Python

  • Ruby on Rails

  • SOAP / REST

  • GraphQL

  • Web servers: Apache and IIS

  • XML and YAML Security

Operational and Deployment Security

  • Provider-agnostic Story-driven Cloud Content

  • Amazon Web Services (AWS)

    • Foundations and 3-Tier

  • Apache HTTP Server

  • Apache Tomcat Server

  • AWS Lambda

  • AWS SQS and AWS RDS

  • AWS EKS

  • AWS API Gateway

  • AWS Cognito

  • AWS Kinesis Data Firehose and Data Streams

  • AWS WAF

  • Docker

  • Google Cloud Platform (Story Driven Countermeasures)

  • Terraform and Ansible (IaC Tools)

  • Kubernetes

  • Microservices Infrastructure

  • Microsoft Azure

  • Azure AKS

  • Microsoft IIS Server

  • Microsoft SQL Server

  • MySQL

  • OpenShift

  • Oracle database

Just-in-time Training

  • Over 750 bite-sized training modules associated directly with specific Countermeasures, to teach developers about secure coding.

  • Covers existing eLearning course library.

  • Includes training on compliance and application security.

Mainframe Applications

  • Secure Development Guidelines

  • COBOL

Client and Desktop Applications

  • .NET 6

  • C/C++ (POSIX and Microsoft)

Mobile Applications

  • Android Framework (Java and Kotlin)

  • iOS framework (Objective-C and Swift)

  • Flutter / Dart

  • OWASP Mobile ASVS

  • OWASP Mobile Top 10

Hardware Security

  • Hardware Weaknesses based on CWE 4.3 weaknesses

  • Hardware, firmware, and embedded device controls

  • Bluetooth Security

Support for additional content and regulations, including organization-specific detail, may be achieved via customization.

Integrations

Issue Tracker Integrations

  • Atlassian JIRA

  • Broadcom Rally (formerly CA Agile Central)

  • GitHub

  • GitLab

  • IBM Rational Collaborative Lifecycle Management (IBM Rational Team Concert)

  • Micro Focus (HP) Quality Center / ALM

  • Microsoft Azure DevOps and DevOps Server

  • Pivotal Tracker

  • ServiceNow

  • Digital.ai Agility (formerly VersionOne)

Security Tool Integrations

Web Services Capability:

  • Black Duck

  • Checkmarx

  • Coverity

  • HCL (IBM) AppScan Enterprise

  • Klocwork

  • Fortify on Demand

  • Micro Focus (HP) Fortify SSC

  • Nessus

  • OWASP Dependency Track

  • SonarQube

  • ThreadFix

  • Prisma Cloud (formerly Twistlock)

  • Veracode

  • WhiteHat Sentinel

  • Mend (formerly Whitesource)

  • Snyk

File Upload Only:

  • HCL (IBM) AppScan On Cloud (ASOC)

  • HCL (IBM) AppScan Source

  • HCL (IBM) AppScan Standard

  • Micro Focus (HP) WebInspect

  • OWASP Dependency-Check

DevOps Tool Integrations

  • Jenkins

  • Microsoft Azure DevOps Pipelines

  • XebiaLabs XL Release

GRC Platform Integrations

  • RSA Archer (IT Security Risk)

Support for additional Integrations may be achieved via custom plug-in.

Support Plans

Well-considered implementation plans and ongoing support, right-sized to each organization’s needs for the successful rollout and adoption of SD Elements.

  • Base: for mid-size companies with 10-25 projects

  • Standard: for larger organizations with 25-500 projects and more than 1 development team

  • Premium: for companies with 500+ projects, complex requirements, and numerous development teams

Contact us for a free demonstration at info@securitycompass.com
