CISSP Domain 3: Security Architecture and Engineering focuses on the structured design, implementation, and management of secure computing systems. This domain explores the technical and engineering principles required to build and maintain a secure IT infrastructure across all layers—hardware, software, and firmware.
Security architecture is about integrating security into the system development lifecycle (SDLC), while engineering focuses on applying best practices to protect the confidentiality, integrity, and availability of data.
Core Concepts in CISSP Domain 3
1. Secure Design Principles
Security must be embedded into systems from the ground up. Key secure design principles include:
- Least Privilege: Users and processes should operate using the minimum privileges necessary.
- Defense in Depth: Multiple layers of controls ensure redundancy and resilience.
- Fail-Safe Defaults: Access is denied unless explicitly granted, and a failure leaves the system in a secure state rather than an open one.
- Separation of Duties: Prevents conflict of interest by distributing critical tasks among multiple users.
- Economy of Mechanism: Systems should be as simple and small as possible to reduce vulnerabilities.
2. Security Models
Security models provide formal approaches to defining access control policies:
- Bell-LaPadula Model: Enforces confidentiality via “no read up, no write down.”
- Biba Model: Focuses on integrity—“no write up, no read down.”
- Clark-Wilson Model: Ensures integrity through well-formed transactions and separation of duties.
- Brewer-Nash Model (Chinese Wall Model): Prevents conflicts of interest by restricting access based on a user's prior access history; often used in commercial applications such as consultancies.
- Graham-Denning and Harrison-Ruzzo-Ullman Models: Address dynamic access control mechanisms.
Understanding these models helps apply the correct controls for different organizational needs.
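As an added illustration (not part of the original article), the two lattice models described above written out as access-decision functions in Python, so the "no read up / no write down" and "no read down / no write up" rules can be checked side by side. The four-step Level lattice and the strong_star option are constructed for this example.

```python
from enum import IntEnum


class Level(IntEnum):
    """Constructed four-step lattice used for both models. For
    Bell-LaPadula it is read as a sensitivity (clearance) level, for Biba
    as an integrity level; real systems define their own labels."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2
    TOP = 3


def bell_lapadula_allows(subject: Level, obj: Level, op: str,
                         strong_star: bool = False) -> bool:
    """Confidentiality model. Simple security property: no read up.
    *-property: no write down. With strong_star=True the subject may
    write only at exactly its own level, which removes the blind-write
    case where a low clearance writes into a high object it cannot see."""
    if op == "read":
        return subject >= obj
    if op == "write":
        return subject == obj if strong_star else subject <= obj
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Integrity model, the mirror image of Bell-LaPadula. Simple
    integrity property: no read down. Integrity *-property: no write up."""
    if op == "read":
        return subject <= obj
    if op == "write":
        return subject >= obj
    raise ValueError(f"unknown operation {op!r}")


def decide(subject: Level, obj: Level, op: str) -> dict:
    """Return each model's verdict for one access request, which makes the
    confidentiality/integrity tension visible: the same request is often
    allowed by one model and denied by the other."""
    return {"bell_lapadula": bell_lapadula_allows(subject, obj, op),
            "biba": biba_allows(subject, obj, op)}


if __name__ == "__main__":
    # A HIGH-cleared analyst writing a LOW report: BLP denies it (write
    # down could leak), Biba permits it (writing down cannot corrupt).
    for op in ("read", "write"):
        for s, o in ((Level.HIGH, Level.LOW), (Level.LOW, Level.HIGH)):
            print(f"{s.name:>4} {op:5} {o.name:<4} -> {decide(s, o, op)}")
```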
3. Security Architecture Frameworks
- SABSA (Sherwood Applied Business Security Architecture): Aligns security with business goals.
- TOGAF (The Open Group Architecture Framework): Enterprise architecture model including security layers.
- Zachman Framework: A matrix for organizing architecture artifacts.
- ISO/IEC 42010: International standard for system architecture descriptions.
These frameworks help design consistent and secure architectures.
4. System Security Evaluation
Security assurance methods evaluate how well systems meet security requirements:
- Common Criteria (ISO/IEC 15408): Global standard for IT product evaluation with Evaluation Assurance Levels (EALs).
- TCSEC (Orange Book): U.S. DoD standard emphasizing confidentiality.
- ITSEC: European standard, predecessor to Common Criteria.
Understanding these helps professionals assess the trustworthiness of systems and components.
5. Secure Hardware and Firmware Design
Hardware and firmware require security controls at the physical and microcode levels:
- Trusted Platform Module (TPM): Hardware-based security to store cryptographic keys.
- Hardware Security Module (HSM): Tamper-resistant hardware for key management.
- UEFI and BIOS: Must be securely configured and updated to prevent low-level attacks.
- Side-channel attacks: Exploit physical characteristics like timing or power usage.
Securing these layers is critical to preventing root-level exploits.
6. Cryptography
Cryptographic systems support confidentiality, integrity, authentication, and non-repudiation:
- Symmetric Encryption: Uses the same key for encryption and decryption (e.g., AES).
- Asymmetric Encryption: Uses public-private key pairs (e.g., RSA, ECC).
- Hashing: Ensures data integrity (e.g., SHA-2, SHA-3).
- Digital Signatures: Verify authenticity and integrity.
- Key Management: Includes lifecycle, generation, distribution, and destruction.
- PKI (Public Key Infrastructure): Framework for digital certificate management.
CISSP candidates must understand both theoretical and practical aspects of cryptography.
7. Security in Embedded Systems and IoT
IoT and embedded systems require lightweight, embedded security controls:
- Limited processing power makes traditional encryption challenging.
- Secure boot, secure firmware updates, and strong device authentication are vital.
- Common risks include default passwords, insecure communication, and lack of patching.
Security engineering must consider constraints and apply proportionate safeguards.
8. Vulnerabilities and Countermeasures
Domain 3 covers technical vulnerabilities and associated defenses:
- Buffer overflows
- Race conditions
- Time-of-check to time-of-use (TOCTOU)
- Memory leaks
- Privilege escalation
Engineers must incorporate validation, error handling, and secure coding practices into systems to mitigate these threats.
Why Domain 3 Matters
This domain represents the technical depth of CISSP and equips professionals to:
- Design systems that are secure by default
- Evaluate existing architectures and identify gaps
- Integrate controls at the hardware, software, and firmware levels
- Apply cryptography effectively in real-world systems
Conclusion
CISSP Domain 3: Security Architecture and Engineering blends security theory with hands-on practices. It requires professionals to apply structured design principles, leverage security models and frameworks, and integrate secure technologies throughout the IT environment.
Whether building new systems or assessing existing ones, this domain is foundational for engineers, architects, and CISSP candidates aiming to drive secure innovation.
