Licensing Model |
Annual Subscription based on the number of projects (excluding their subsequent releases) being managed within SD Elements.
|
Product Tiers |
Express, Professional, Enterprise
|
Deployment Options |
Dedicated SaaS, Shared Cloud SaaS, On-Premise Deployment
|
Single Sign-On (SSO) |
LDAP/Active Directory, SAML, Trusted Authentication
|
Expert Security and Compliance Content Library |
Internet of Things (IoT) |
-
Authentication and Access Control
-
Authentication and Access Control
-
Availability and Systems DoS Protection
-
Communication Protocols
-
AMQP, Bluetooth, HyperCat, MQTT, Pub/Sub, Thread, XMPP, WiFi, ZigBee
-
Consumer IoT: ETSI EN 303 645
-
RFID Solutions
-
OWASP IoT Top 10 (OWASP IoT Attack Surface [Archived])
|
AI, ML, and LLMs* |
*Artificial Intelligence (AI), Machine Learning (ML) and Large Language Models (LLMs)
|
Automotive Security |
-
Connected cars communication protocols, secure update, privacy, access control, and encryption requirements.
-
UNECE WP29/R155 and ISO 21434
-
ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering
|
Regulatory and Compliance: |
-
ANSI/ISA/IEC 62443-3-3
-
ANSI/ISA/IEC 62443-4-2
-
ISASecure SSA 311
-
ISASecure CSA 311
-
Chinese Cybersecurity Law
-
Cloud Control Matrix
-
Cloud Security Alliance
-
CNSSI 1253
-
CSA Cloud Controls Matrix (CCM) v3 & v4
-
Cybersecurity Maturity Model Certification (CMMC) [v1 and v2]
-
DIACAP
-
FedRAMP
-
GLBA
-
HIPAA
-
ISO 27001:2013/SOX
-
ISO 27001:2022/SOX
-
NIST Cybersecurity Framework
-
NYDFS
-
PA-DSS 3.2
-
PCI DSS 4, PCI DSS 3.2
-
SOC2 (Based on AICPA TrustServices Criteria)
-
MAS-TRMG
-
European Banking Authority (EBA) Security of Internet Payments
-
ANSSI/France Digital Signature and Encryption Requirements
|
-
Anti-Spam Guidelines/CASL
-
Brazilian LGPD
-
California Consumer Privacy Act (CCPA)
-
California Privacy Right Act (CPRA) (California Civil Code)
-
California Online Privacy Protection Act (CalOPPA)
-
CNIL Cookie Guidelines
-
COPPA
-
EU Privacy and Cookie Laws
-
GAPP
-
GDPR (& /UK)
-
New York Shield Act (S5575B)
-
NIST 800-53 Privacy Controls
-
PIPEDA/ECPA/CAN-SPAM
|
Industry Standards |
-
ASD-STIG 5
-
ASVS 4.0
-
Consumer IoT: ETSI EN 303 645
-
CVSS
-
CWE 4.13
-
CWE Top 25, 2023
-
MDS2-2013
-
OWASP Top 10 2017
-
OWASP Top 10 2021
-
OWASP API Top 10, 2019
-
OWASP Top 10 Privacy Risks v2.0
-
Secure Controls Framework (SCF)
-
PCI SSF: SSLC (1.1) & S3 (1.0)
-
DISA Control Correlation Identifier (CCI) Framework
|
-
NIST 800-147/800-155 BIOS/FW
-
NIST 800-171 Non Federal Systems
-
NIST 800-53r4 (Granular Mandates)
-
NIST 800-53r5
-
NIST 800-82 Industrial Control Systems
-
NIST 800-95 Web Services
-
NIST 800-190 Containers
-
NIST 800-218 SSDF
-
NISTIR 8397 (Verification Req.)
-
EO14028: NIST Critical Software Req.
|
Web Applications and Services |
|
|
Operational and Deployment Security |
-
Provider-agnostic Story-driven Cloud Content
-
Amazon Web Services (AWS)
-
Apache HTTP Server
-
Apache Tomcat Server
-
AWS Lambda
-
AWS SQS and AWS RDS
-
AWS EKS
-
AWS API Gateway
-
AWS Cognito
-
AWS Kinesis Data Firehose and Data Streams
-
AWS WAF
-
Docker
-
Google Cloud Platform (Story Driven Countermeasures)
-
Terraform and Ansible (IaC Tools)
|
|
Just-in-time Training |
|
|
Mainframe Applications |
|
|
Client and Desktop Applications |
|
Mobile Applications |
|
Hardware Security |
-
Hardware Weaknesses based on CWE 4.3 weaknesses
-
Hardware, firmware, and embedded device controls
-
Bluetooth Security
|
Support for additional content and regulations, including organization-specific detail, may be achieved via customization. |
Integrations |
Issue Tracker Integrations |
-
Atlassian JIRA
-
Broadcom Rally (formerly CA Agile Central)
-
GitHub
-
GitLab
-
IBM Rational Collaborative Lifecycle Management (IBM Rational Team Concert)
-
Micro Focus (HP) Quality Center / ALM
-
Microsoft Azure DevOps and DevOps Server
-
Pivotal Tracker
-
ServiceNow
-
Digital.ai Agility (formerly VersionOne)
|
Security Tool Integrations |
|
|
-
Black Duck
-
Checkmarx
-
Coverity
-
HCL (IBM) AppScan Enterprise
-
Klocwork
-
Fortify on Demand
-
Micro Focus (HP) Fortify SSC
-
Nessus
-
OWASP Dependency Track
-
SonarQube
-
ThreadFix
-
Prisma Cloud (formerly Twistlock)
-
Veracode
-
WhiteHat Sentinel
-
Mend (formerly Whitesource)
-
Snyk
|
-
HCL (IBM) AppScan On Cloud (ASOC)
-
HCL (IBM) AppScan Source
-
HCL (IBM) AppScan Standard
-
Micro Focus (HP) WebInspect
-
OWASP Dependency-Check
|
DevOps Tool Integrations |
|
GRC Platform Integrations |
|
Support for additional Integrations may be achieved via custom plug-in. |
Support Plans |
Well-considered implementation plans and ongoing support, right-sized to each organization’s needs for the successful rollout and adoption of SD Elements
-
Base: for mid-size companies with 10-25 projects
-
Standard: for larger organizations with 25-500 projects and more than 1 development team
-
Premium: for companies with 500+ projects, complex requirements, and numerous development teams
|