SCA Body of Knowledge (SCA-BoK) & Reference Materials
The SCA references numerous leading frameworks and standards for Secure Software Development Practices (SSDP) in an effort to provide “industry-recognized secure practices” references. These voluntary consensus standards, most publicly available at no cost, are referenced by the SCA's conformity assessment.
Industry-Recognized Secure Practices
For industry-recognized secure practices, the SCA's intent is to leverage content that is freely available to the public at no cost. In the realm of secure development practices, certain voluntary consensus standards are important to consider as industry-recognized practices; these primarily include, but are not limited to:
- NIST SP 800-160 Vol 1 Rev 1 (Engineering Trustworthy Secure Systems)
- NIST SP 800-218 (Secure Software Development Framework)
- ISO/IEC/IEEE 15288 (Systems and software engineering — System life cycle processes)
Useful References
For reference materials, the following material can be valuable:
Secure Code Alliance Body of Knowledge (SCA-BoK)
The SCA-BoK is a summarized version of these industry-recognized secure practices that provides expectations for knowledge / competency associated with the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) roles.