SD Elements Datasheet v2024.3

Updated September 2024

The SD Elements v2024 platform and its comprehensive content library are built for managing security, privacy, and compliance requirements for applications across many industries and within almost any development environment.

For additional information, please visit the SD Elements website.

Licensing Model	Annual Subscription based on the number of applications being managed within SD Elements.
Deployment Options	Dedicated SaaS, Shared Cloud SaaS, On-Premise Deployment
Single Sign-On (SSO)	LDAP/Active Directory, SAML, Trusted Authentication
Expert Security and Compliance Content Library
Internet of Things (IoT)	Consumer IoT: ETSI EN 303 645 Authentication and Access Control Availability and Systems DoS Protection Communication Protocols Bluetooth, HyperCat, MQTT, Pub/Sub, Thread, WiFi, XMPP, ZigBee, AMQP RFID Solutions OWASP IoT Top 10 (OWASP IoT Attack Surface [Archived])
AI, ML, and LLMs*	NIST AI Risk Management Framework (RMF) OWASP Top 10 for Large Language Model Applications LLM-based Code Generation Security ML Security: OWASP ML Security Top Ten and ENISA Security ML Algorithms AWS SageMaker EU AI Act AI/Data Engineering Cloud Services: AWS Sagemaker, AWS Bedrock, AWS Lake Formation, Azure OpenAI, Azure Data Lake Storage, GCP Vertex AI AI Use Cases: Fine-tuning, RAG, Use of vector databases *Artificial Intelligence (AI), Machine Learning (ML) and Large Language Models (LLMs)
Automotive Security	Connected cars communication protocols, secure update, privacy, access control, and encryption requirements. UNECE WP29/R155 and ISO 21434 ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering
Regulatory and Compliance:	ANSI/ISA/IEC 62443-3-3 ANSI/ISA/IEC 62443-4-1 ANSI/ISA/IEC 62443-4-2 ANSSI/France Digital Signature and Encryption Requirements Chinese Cybersecurity Law CNSSI 1253 CSA Cloud Controls Matrix (CCM) v3 & v4 Cybersecurity Maturity Model Certification (CMMC) [v1 and v2] DIACAP European Banking Authority (EBA) Security of Internet Payments FedRAMP GLBA HIPAA ISASecure SSA 311 ISASecure CSA 311 ISO 27001:2013/SOX ISO 27001:2022/SOX MAS-TRMG NIST Cybersecurity Framework NYDFS	Privacy Related: Anti-Spam Guidelines/CASL Brazilian LGPD California Consumer Privacy Act (CCPA) California Privacy Right Act (CPRA) (California Civil Code) California Online Privacy Protection Act (CalOPPA) CNIL Cookie Guidelines COPPA EU Privacy and Cookie Laws GAPP GDPR (& /UK) New York Shield Act (S5575B) NIST 800-53 Privacy Controls PA-DSS 3.2 PCI DSS 4, PCI DSS 3.2 PIPEDA/ECPA/CAN-SPAM SOC2 (Based on AICPA TrustServices Criteria)
Industry Standards	ASD-STIG 5 ASVS 4.0 CVSS CWE 4.13 CWE Top 25, 2023 MDS2-2013 OWASP Top 10 2017 OWASP Top 10 2021 OWASP API Top 10, 2023 OWASP Top 10 Privacy Risks v2.0 Secure Controls Framework (SCF) PCI SSF: SSLC (1.1) & S3 (1.0) DISA Control Correlation Identifier (CCI) Framework	NIST 800-147/800-155 BIOS/FW NIST 800-171 Non Federal Systems NIST 800-53r4 (Granular Mandates) NIST 800-53r5 NIST 800-82 Industrial Control Systems NIST 800-95 Web Services NIST 800-190 Containers NIST 800-218 SSDF NISTIR 8397 (Verification Req.) EO14028: NIST Critical Software Req. Consumer IoT: ETSI EN 303 645
Web Applications and Services	Angular Apex for Force.com C#/ASP.net (.NET 6, WCF and Core 3) Django (Python) GoLang HTML5 and CSP Java Libraries and Frameworks: ESAPI, Struts, Spring, Apache Wicket, Hibernate Java SE / EE Javascript TypeScript	JSP, Servlets NGINX Node.js NoSQL / SQL OAuth and OIDC PHP Python Ruby on Rails Rust SOAP / REST GraphQL Web servers: Apache and IIS XML and YAML Security
Operational and Deployment Security	Process-level Cloud Security Guidelines Provider-agnostic Story-driven Cloud Content Amazon Web Services (AWS)(Foundations and 3-Tier CIS Benchmarks)[AWS Services: AMI, API Gateway, Aurora, Auto Scaling, CloudFront, CloudWatch, Cognito, Config, DynamoDB, EBS, EC2, ECS, EKS, ELB, IAM, Kinesis Data Firehose, Kinesis Data Streams, KMS, Lambda, RDS, Route53, S3, SageMaker, SNS, SQS, VPC, WAF, Certificate Manager, CloudFormation, Elastic Container Registry, Elastic File System, ElastiCache, Managed Streaming for Apache Kafka, MQ, OpenSearch Service, RedShift, Secrets Manager, Simple Email Service, Step Functions, Systems Manager, Transfer Family, AWS CodePipeline, CodeArtifact, Elasticache, X-Ray, Athena, Backup, DataSync, Direct Connect, EventBridge, Fargate, AWS FSx, GuardDuty, Inspector, Neptune, Rekognition, and many more] Google Cloud Platform [Google Cloud Services: BigQuery, Cloud Audit Logs, Cloud DNS, Cloud IAM, Cloud Key Management Service, Cloud SQL, Cloud Storage, Compute Engine, Kubernetes Engine, Stackdriver, Virtual Private Cloud (VPC), Vertex AI] Apache HTTP Server Apache Tomcat Server Containerization tools: Docker, OpenShift, Kubernetes, PodMan CI/CD tools: CircleCI IaC Tools: Terraform, Azure Resource Manager (ARM), Ansible Microservices Infrastructure Microsoft IIS Server Microsoft SQL Server	MySQL Network [WiFi, Bluetooth, FTP, Directory Server, DNS Server, Firewall, FTP Server, IDS/IPS, Load Balancer, Message Broker, File Transfer Protocol (FTP), Virtual Private Network (VPN), Proxy Server, Router, Service Bus, Virtual Private Network (VPN) Server, 3G, 4G/LTE, 5G, LoRa, Modbus, Advanced Message Queuing Protocol (AMQP), Content Delivery Network (CDN)] Databases [Generic Database, Oracle, PostgreSQL, InfluxDB, Neo4j, MariaDB, CockroachDB, Apache Cassandra, MarkLogic, and SQLite] GitHub Microsoft Azure (Microsoft Cloud Security & Azure Security Benchmarks)[Azure Services: Active Directory, AKS, Azure Functions, Key Vault, Monitor, Multi-Factor Authentication, Network Watcher, Resource Manager, Security Center, SQL Database, Storage, Virtual Machines, Virtual Network, Azure AI Bot Service, Azure Databricks, Azure Machine Learning, Azure OpenAI Service, Azure Analysis Services, Azure Data Explorer, Azure Data Lake Analytics, Azure Event Hubs, Azure Stream Analytics, Azure Synapse Analytics, Azure App Service, Azure Batch, Azure Linux Virtual Machines, Azure Spring Apps, Azure Virtual Desktop, Azure Virtual Machine Scale Sets, Azure VMware Solution, Azure Windows Virtual Machines, Azure Container Apps, Azure Container Instances, Azure Container Registry, Azure Red Hat OpenShift, Azure Cache for Redis, Azure Cosmos DB, Azure Data Factory, Azure Database for MariaDB, Azure Database for MySQL, Azure Managed Instance for Apache Cassandra, Azure SQL, Azure App Configuration, Azure DevTest Labs, Azure Arc, Azure Stack Edge, Azure Active Directory External Identities, Azure API Management, Azure Event Grid, Azure Logic Apps, Azure Service Bus, Azure Web PubSub, Azure IoT Central, Azure IoT Hub, Azure Notification Hubs, Azure Automation, Azure Cloud Shell, Azure Cost Management, Azure Lighthouse, Azure Managed Applications, Azure Policy, Azure Purview, Azure Resource Manager templates, Azure Resource Mover, Azure Media Services, Azure Database Migration Service, Azure Migrate, Azure Site Recovery, Azure Digital Twins, Azure Remote Rendering, Azure Spatial Anchors, Azure Application Gateway, Azure Bastion, Azure Communications Gateway, Azure Content Delivery Network, Azure DDoS Protection, Azure DNS, Azure Firewall, Azure Firewall Manager, Azure Front Door, Azure Load Balancer, Azure NAT Gateway, Azure Network Watcher, Azure Private Link, Azure Traffic Manager, Azure Virtual WAN, Azure VPN Gateway, Azure Web Application Firewall, Azure PostgreSQL Database, Azure Attestation, Azure Dedicated HSM, Azure Defender for Cloud, Azure Information Protection, Azure Key Vault Managed HSM, Azure Sentinel, Azure Backup, Azure Data Box, Azure Data Share, Azure HPC Cache, Azure Managed Lustre, Azure NetApp Files, Azure Communication Services, Azure SignalR Service, Azure Blob Storage, Azure Data Lake Storage, SQL Managed Instance, Azure Static Web Apps, and many more]
Just-in-time Training	Over 950 bite-sized training modules associated directly with specific Countermeasures, to teach developers about secure coding.	Covers existing eLearning course library. Includes training on compliance and application security.
Mainframe Applications	Secure Development Guidelines COBOL
Client and Desktop Applications	.NET 8 C/C++ (POSIX and Microsoft) Bash/Shell (Linux)
Mobile Applications	Android Framework (Java and Kotlin) iOS framework (Objective-C and Swift) Flutter / Dart OWASP Mobile ASVS OWASP Mobile Top 10
Hardware Security	Hardware Weaknesses based on CWE 4.3 weaknesses Hardware, firmware, and embedded device controls Bluetooth Security
Support for additional content and regulations, including organization-specific detail, may be achieved via customization.
Integrations
Issue Tracker Integrations	Atlassian JIRA Broadcom Rally (formerly CA Agile Central) GitHub GitLab IBM Rational Collaborative Lifecycle Management (IBM Rational Team Concert) Micro Focus (HP) Quality Center / ALM Microsoft Azure DevOps and DevOps Server Pivotal Tracker ServiceNow Digital.ai Agility (formerly VersionOne)
Security Tool Integrations	Web Services Capability:	File Upload Only:
Black Duck Checkmarx Coverity Fortify on Demand HCL (IBM) AppScan Enterprise Klocwork Micro Focus (HP) Fortify SSC Nessus OWASP Dependency Track SonarQube ThreadFix Prisma Cloud (formerly Twistlock) Veracode WhiteHat Sentinel Mend (formerly Whitesource) Snyk	HCL (IBM) AppScan On Cloud (ASOC) HCL (IBM) AppScan Source HCL (IBM) AppScan Standard Micro Focus (HP) WebInspect OWASP Dependency-Check
DevOps Tool Integrations	Jenkins Microsoft Azure DevOps Pipelines XebiaLabs XL Release
Project Integrations	Systems:	Data:
Atlassian BitBucket BitDiscovery Git GitHub GitLab Microsoft Azure DevOps Micro Focus (HP) Fortify SSC ServiceNow	Structured data (JSON, CSV, Google Sheet, ODBC) Unstructured text (Keywords, regular expressions) Source code (C#, Go, Objective C, Java, JavaScript, PHP, Python, Ruby, Swift)
GRC Platform Integrations	RSA Archer (IT Security Risk)
Support for additional Integrations may be achieved via custom plug-in.
Support Plans	Well-considered implementation plans and ongoing support, right-sized to each organization’s needs for the successful rollout and adoption of SD Elements Base: for mid-size companies with 10-25 projects Standard: for larger organizations with 25-500 projects and more than 1 development team Premium: for companies with 500+ projects, complex requirements, and numerous development teams

Licensing Model

Annual Subscription based on the number of applications being managed within SD Elements.

Deployment Options

Dedicated SaaS, Shared Cloud SaaS, On-Premise Deployment

Single Sign-On (SSO)

LDAP/Active Directory, SAML, Trusted Authentication

Expert Security and Compliance Content Library

Internet of Things (IoT)

Consumer IoT: ETSI EN 303 645
Authentication and Access Control
Availability and Systems DoS Protection
Communication Protocols
- Bluetooth, HyperCat, MQTT, Pub/Sub, Thread, WiFi, XMPP, ZigBee, AMQP
RFID Solutions
OWASP IoT Top 10 (OWASP IoT Attack Surface [Archived])

AI, ML, and LLMs*

NIST AI Risk Management Framework (RMF)
OWASP Top 10 for Large Language Model Applications
LLM-based Code Generation Security
ML Security: OWASP ML Security Top Ten and ENISA Security ML Algorithms
AWS SageMaker
EU AI Act
AI/Data Engineering Cloud Services: AWS Sagemaker, AWS Bedrock, AWS Lake Formation, Azure OpenAI, Azure Data Lake Storage, GCP Vertex AI
AI Use Cases: Fine-tuning, RAG, Use of vector databases

*Artificial Intelligence (AI), Machine Learning (ML) and Large Language Models (LLMs)

Automotive Security

Connected cars communication protocols, secure update, privacy, access control, and encryption requirements.
UNECE WP29/R155 and ISO 21434
ISO/SAE 21434:2021 Road vehicles — Cybersecurity engineering

Regulatory and Compliance:

ANSI/ISA/IEC 62443-3-3
ANSI/ISA/IEC 62443-4-1
ANSI/ISA/IEC 62443-4-2
ANSSI/France Digital Signature and Encryption Requirements
Chinese Cybersecurity Law
CNSSI 1253
CSA Cloud Controls Matrix (CCM) v3 & v4
Cybersecurity Maturity Model Certification (CMMC) [v1 and v2]
DIACAP
European Banking Authority (EBA) Security of Internet Payments
FedRAMP
GLBA
HIPAA
ISASecure SSA 311
ISASecure CSA 311
ISO 27001:2013/SOX
ISO 27001:2022/SOX
MAS-TRMG
NIST Cybersecurity Framework
NYDFS

Privacy Related:

Anti-Spam Guidelines/CASL
Brazilian LGPD
California Consumer Privacy Act (CCPA)
California Privacy Right Act (CPRA) (California Civil Code)
California Online Privacy Protection Act (CalOPPA)
CNIL Cookie Guidelines
COPPA
EU Privacy and Cookie Laws
GAPP
GDPR (& /UK)
New York Shield Act (S5575B)
NIST 800-53 Privacy Controls
PA-DSS 3.2
PCI DSS 4, PCI DSS 3.2
PIPEDA/ECPA/CAN-SPAM
SOC2 (Based on AICPA TrustServices Criteria)

Industry Standards

ASD-STIG 5
ASVS 4.0
CVSS
CWE 4.13
CWE Top 25, 2023
MDS2-2013
OWASP Top 10 2017
OWASP Top 10 2021
OWASP API Top 10, 2023
OWASP Top 10 Privacy Risks v2.0
Secure Controls Framework (SCF)
PCI SSF: SSLC (1.1) & S3 (1.0)
DISA Control Correlation Identifier (CCI) Framework

NIST 800-147/800-155 BIOS/FW
NIST 800-171 Non Federal Systems
NIST 800-53r4 (Granular Mandates)
NIST 800-53r5
NIST 800-82 Industrial Control Systems
NIST 800-95 Web Services
NIST 800-190 Containers
NIST 800-218 SSDF
NISTIR 8397 (Verification Req.)
EO14028: NIST Critical Software Req.
Consumer IoT: ETSI EN 303 645

Web Applications and Services

Angular
Apex for Force.com
C#/ASP.net (.NET 6, WCF and Core 3)
Django (Python)
GoLang
HTML5 and CSP
Java Libraries and Frameworks: ESAPI, Struts, Spring, Apache Wicket, Hibernate
Java SE / EE
Javascript
TypeScript

JSP, Servlets
NGINX
Node.js
NoSQL / SQL
OAuth and OIDC
PHP
Python
Ruby on Rails
Rust
SOAP / REST
GraphQL
Web servers: Apache and IIS
XML and YAML Security

Operational and Deployment Security

Process-level Cloud Security Guidelines
Provider-agnostic Story-driven Cloud Content
Amazon Web Services (AWS)(Foundations and 3-Tier CIS Benchmarks)[AWS Services: AMI, API Gateway, Aurora, Auto Scaling, CloudFront, CloudWatch, Cognito, Config, DynamoDB, EBS, EC2, ECS, EKS, ELB, IAM, Kinesis Data Firehose, Kinesis Data Streams, KMS, Lambda, RDS, Route53, S3, SageMaker, SNS, SQS, VPC, WAF, Certificate Manager, CloudFormation, Elastic Container Registry, Elastic File System, ElastiCache, Managed Streaming for Apache Kafka, MQ, OpenSearch Service, RedShift, Secrets Manager, Simple Email Service, Step Functions, Systems Manager, Transfer Family, AWS CodePipeline, CodeArtifact, Elasticache, X-Ray, Athena, Backup, DataSync, Direct Connect, EventBridge, Fargate, AWS FSx, GuardDuty, Inspector, Neptune, Rekognition, and many more]
Google Cloud Platform [Google Cloud Services: BigQuery, Cloud Audit Logs, Cloud DNS, Cloud IAM, Cloud Key Management Service, Cloud SQL, Cloud Storage, Compute Engine, Kubernetes Engine, Stackdriver, Virtual Private Cloud (VPC), Vertex AI]
Apache HTTP Server
Apache Tomcat Server
Containerization tools: Docker, OpenShift, Kubernetes, PodMan
CI/CD tools: CircleCI
IaC Tools: Terraform, Azure Resource Manager (ARM), Ansible
Microservices Infrastructure
Microsoft IIS Server
Microsoft SQL Server

MySQL
Network [WiFi, Bluetooth, FTP, Directory Server, DNS Server, Firewall, FTP Server, IDS/IPS, Load Balancer, Message Broker, File Transfer Protocol (FTP), Virtual Private Network (VPN), Proxy Server, Router, Service Bus, Virtual Private Network (VPN) Server, 3G, 4G/LTE, 5G, LoRa, Modbus, Advanced Message Queuing Protocol (AMQP), Content Delivery Network (CDN)]
Databases [Generic Database, Oracle, PostgreSQL, InfluxDB, Neo4j, MariaDB, CockroachDB, Apache Cassandra, MarkLogic, and SQLite]
GitHub
Microsoft Azure (Microsoft Cloud Security & Azure Security Benchmarks)[Azure Services: Active Directory, AKS, Azure Functions, Key Vault, Monitor, Multi-Factor Authentication, Network Watcher, Resource Manager, Security Center, SQL Database, Storage, Virtual Machines, Virtual Network, Azure AI Bot Service, Azure Databricks, Azure Machine Learning, Azure OpenAI Service, Azure Analysis Services, Azure Data Explorer, Azure Data Lake Analytics, Azure Event Hubs, Azure Stream Analytics, Azure Synapse Analytics, Azure App Service, Azure Batch, Azure Linux Virtual Machines, Azure Spring Apps, Azure Virtual Desktop, Azure Virtual Machine Scale Sets, Azure VMware Solution, Azure Windows Virtual Machines, Azure Container Apps, Azure Container Instances, Azure Container Registry, Azure Red Hat OpenShift, Azure Cache for Redis, Azure Cosmos DB, Azure Data Factory, Azure Database for MariaDB, Azure Database for MySQL, Azure Managed Instance for Apache Cassandra, Azure SQL, Azure App Configuration, Azure DevTest Labs, Azure Arc, Azure Stack Edge, Azure Active Directory External Identities, Azure API Management, Azure Event Grid, Azure Logic Apps, Azure Service Bus, Azure Web PubSub, Azure IoT Central, Azure IoT Hub, Azure Notification Hubs, Azure Automation, Azure Cloud Shell, Azure Cost Management, Azure Lighthouse, Azure Managed Applications, Azure Policy, Azure Purview, Azure Resource Manager templates, Azure Resource Mover, Azure Media Services, Azure Database Migration Service, Azure Migrate, Azure Site Recovery, Azure Digital Twins, Azure Remote Rendering, Azure Spatial Anchors, Azure Application Gateway, Azure Bastion, Azure Communications Gateway, Azure Content Delivery Network, Azure DDoS Protection, Azure DNS, Azure Firewall, Azure Firewall Manager, Azure Front Door, Azure Load Balancer, Azure NAT Gateway, Azure Network Watcher, Azure Private Link, Azure Traffic Manager, Azure Virtual WAN, Azure VPN Gateway, Azure Web Application Firewall, Azure PostgreSQL Database, Azure Attestation, Azure Dedicated HSM, Azure Defender for Cloud, Azure Information Protection, Azure Key Vault Managed HSM, Azure Sentinel, Azure Backup, Azure Data Box, Azure Data Share, Azure HPC Cache, Azure Managed Lustre, Azure NetApp Files, Azure Communication Services, Azure SignalR Service, Azure Blob Storage, Azure Data Lake Storage, SQL Managed Instance, Azure Static Web Apps, and many more]

Just-in-time Training

Over 950 bite-sized training modules associated directly with specific Countermeasures, to teach developers about secure coding.

Covers existing eLearning course library.
Includes training on compliance and application security.

Mainframe Applications

Secure Development Guidelines
COBOL

Client and Desktop Applications

.NET 8
C/C++ (POSIX and Microsoft)
Bash/Shell (Linux)

Mobile Applications

Android Framework (Java and Kotlin)
iOS framework (Objective-C and Swift)
Flutter / Dart
OWASP Mobile ASVS
OWASP Mobile Top 10

Hardware Security

Hardware Weaknesses based on CWE 4.3 weaknesses
Hardware, firmware, and embedded device controls
Bluetooth Security

Support for additional content and regulations, including organization-specific detail, may be achieved via customization.

Integrations

Issue Tracker Integrations

Atlassian JIRA
Broadcom Rally (formerly CA Agile Central)
GitHub
GitLab
IBM Rational Collaborative Lifecycle Management (IBM Rational Team Concert)
Micro Focus (HP) Quality Center / ALM
Microsoft Azure DevOps and DevOps Server
Pivotal Tracker
ServiceNow
Digital.ai Agility (formerly VersionOne)

Security Tool Integrations

Web Services Capability:

File Upload Only:

Black Duck
Checkmarx
Coverity
Fortify on Demand
HCL (IBM) AppScan Enterprise
Klocwork
Micro Focus (HP) Fortify SSC
Nessus
OWASP Dependency Track
SonarQube
ThreadFix
Prisma Cloud (formerly Twistlock)
Veracode
WhiteHat Sentinel
Mend (formerly Whitesource)
Snyk

HCL (IBM) AppScan On Cloud (ASOC)
HCL (IBM) AppScan Source
HCL (IBM) AppScan Standard
Micro Focus (HP) WebInspect
OWASP Dependency-Check

DevOps Tool Integrations

Jenkins
Microsoft Azure DevOps Pipelines
XebiaLabs XL Release

Project Integrations

Systems:

Data:

Atlassian BitBucket
BitDiscovery
Git
GitHub
GitLab
Microsoft Azure DevOps
Micro Focus (HP) Fortify SSC
ServiceNow

Structured data (JSON, CSV, Google Sheet, ODBC)
Unstructured text (Keywords, regular expressions)
Source code (C#, Go, Objective C, Java, JavaScript, PHP, Python, Ruby, Swift)

GRC Platform Integrations

RSA Archer (IT Security Risk)

Support for additional Integrations may be achieved via custom plug-in.

Support Plans

Well-considered implementation plans and ongoing support, right-sized to each organization’s needs for the successful rollout and adoption of SD Elements

Base: for mid-size companies with 10-25 projects
Standard: for larger organizations with 25-500 projects and more than 1 development team
Premium: for companies with 500+ projects, complex requirements, and numerous development teams

Datasheet

SD Elements Datasheet v2024.3

results matching ""

No results matching ""