SCA Body of Knowledge (SCA-BoK) & Reference Materials

The SCA references numerous leading frameworks and standards for Secure Software Development Practices (SSDP) in an effort to provide “industry-recognized secure practices” references. These voluntary consensus standards, most publicly available at no cost, are referenced by the SCA's conformity assessment.

Industry-Recognized Secure Practices

For industry-recognized secure practices, the SCA’s intent is to leverage freely-available content that are available at no cost to the public. In the realm of secure development practices, there are certain voluntary consensus standards that are important to consider as industry-recognized practices and those primarily include, but are not limited to:

NIST SP 800-160 Vol 1 Rev 1 (Engineering Trustworthy Secure Systems)
NIST SP 800-160 Vol 2 Rev 1 (Developing Cyber Resilient Systems: A Systems Security Engineering Approach)
NIST SP 800-218 (Secure Software Development Framework)
ISO/IEC/IEEE 15288 (Systems and software engineering — System life cycle processes)
OWASP Top Ten
Microsoft Security Development Lifecycle

Useful References

For reference materials, the following material can be valuable:

Secure Code Alliance Body of Knowledge (SCA-BoK)

SCA-BoK

The SCA-BoK is a summarized version of these industry-recognized secure practices that provides expectations for knowledge / competency associated with the Certified SCA Practitioner (CSCAP) and Certified SCA Architect (CSCAA) roles.

Download

SCA Body of Knowledge (SCA-BoK) & Reference Materials

Industry-Recognized Secure Practices

Useful References

Secure Code Alliance Body of Knowledge (SCA-BoK)

OTHER LINKS

Privacy Notice
Blog

SOCIAL

ABOUT

Subscribe To The SCA Newsletter