SD Blueprint
Automate threat model generation, management of security requirements, and adherence to regulatory compliance.

What is SD Blueprint?

SD Blueprint accelerates your team’s ability to identify security and regulatory compliance requirements, regardless of their level of product security expertise.

Simplified Onboarding Workflow

SD Blueprint provides a seamless onboarding experience through in-product guidance.

Multiple Input Sources

SD Blueprint swiftly identifies security and compliance requirements through importing existing threat model diagrams, creating new diagrams within SD Blueprint, or completing a survey.

Risk Prioritization

SD Blueprint prioritizes threats, weaknesses, and the corresponding countermeasures based on risk. These requirements are aligned with the different phases of the development lifecycle and cover relevant regulations.

Expansive Security Content Library

SD Blueprint’s content library encompasses regulatory compliance, privacy standards, industry standards, secure coding frameworks, and cloud security.

Compliance Reports

With SD Blueprint, you can generate compliance reports based on our list of distinct regulations and standards.
CAPABILITY 1:

Simplified Onboarding Workflow

SD Blueprint offers in-product guidance, empowering users to confidently identify security and compliance requirements independently.
CAPABILITY 2:

Multiple Input Sources

Whether you import existing threat model diagrams, create them from scratch, or complete the SD Blueprint survey, SD Blueprint will intelligently identify and rank security and compliance requirements based on risk.

CAPABILITY 3:

Risk Prioritization

SD Blueprint prioritizes threats, weaknesses, and the corresponding countermeasures. These requirements are aligned with different phases of the development lifecycle and cover relevant regulations.
CAPABILITY 4:

Expansive Security Content Library

SD Blueprint’s content library of threats, weaknesses, and countermeasures covers 70+ regulations and standards.
CAPABILITY 5:

Compliance Reports

With SD Blueprint, you can generate compliance reports from our list of distinct regulations and standards.

Compliance Regulations in SD Blueprint

Developer-Centric Security

Effortless Integration, Frictionless Processes, Optimal Results


Developer Empowerment

Are your developers empowered to independently create thorough threat models? The journey begins with the right resources and training.

Efficiency in Compliance

Time is of the essence when identifying security and compliance requirements. Discover the pathway to efficiency without hurdles.

Frictionless Integration

How do we integrate security seamlessly without disrupting developer workflows, avoiding added friction?

Prioritizing Developer Experience

Balancing enhanced security with team harmony: how do we ensure decisions always prioritize the developer experience?

Select the product that’s right for you

SD Blueprint

Getting Started

5 projects

Starting from

$20K* annually

SD Blueprint

Leveling Up

15 projects

Starting from

$45K* annually

* Pricing is in USD and only valid for new Security Compass customers headquartered within North America. For companies outside of North America please contact us.

SD Blueprint

Getting Started

Starting from

$20K

annually

5 projects

*unlimited releases per project

Diagram tools
Security content
Compliance
Code samples for developers
Dashboards and project reports
Base support only

Recommended

SD Blueprint

Leveling Up

Starting from

$45K

annually

15 projects

*unlimited releases per project

Diagram tools
Security content
Compliance
Code samples for developers
Dashboards and project reports
Standard and premium support

SD Blueprint

Enterprise

Starting from

$75K

annually

15 projects

*unlimited releases per project

Diagram tools
Security content
Compliance
Code samples for developers
Dashboards and project reports
Advanced reporting
Customize unique requirements
DevSecOps tools integrations
Standard and Premium support

US Fed and Government

Call for details


Diagram tools
Security content
Compliance
Code samples for developers
Dashboards and project reports
Advanced reporting
Customize unique requirements
DevSecOps tools integrations
Just-in-Time Training
Onsite deployment

What problems does SD Blueprint solve?

All threats are contextualized to the diagram you import or build within SD Blueprint. These threats will be broken down at the component level and across the different phases in the development lifecycle. The threats will also be organized into the STRIDE categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
The repository scan feature allows automatic scanning of your GitHub and GitLab repositories to create a threat model diagram or build a survey. Solutions and secure code suggestions can be added directly into your integrated development environment (IDE).
SD Blueprint offers reports for each of your projects. These reports include:
  • Compliance Reports: This report outlines the completion status of countermeasures that apply to a particular compliance regulation (HIPAA, PCI DSS, etc.).
  • Project Risk Policy Reports: This report provides a list of the countermeasures that need to be addressed in your project in order to be compliant with their assigned risk policies.
  • Completion Status Reports: This report summarizes the completion status of security countermeasures in specific phases of your project.
  • Weakness Summary Reports: This report outlines the weaknesses (security risks) in your project that have been identified by SD Blueprint.
  • Countermeasure Reports: This report summarizes all the countermeasures relevant to your project.
Once your requirements have been identified, you will have the ability to assign them to specific users to address. This includes leaving notes and assigning specific users to complete specific countermeasure(s).
Security Compass ensures the quality of our security content by having it maintained and continually updated by our dedicated security research team.
  • Each countermeasure provides a solution to address the requisite weakness. Certain countermeasures will also provide “How-Tos” that will include secure code samples that can be added to your IDE.
  • SD Blueprint will also have in-app guides to support first-time users.
Once your requirements have been identified, each countermeasure will highlight the specific sections of each regulation that it addresses. To assess overall compliance progress against a regulation, such as PCI-DSS v4.0, you can select that regulation within the Project Reports → Compliance Reports section.

Additional resources

Interested in the benefits of automating your processes?

By automating key portions of your proactive manual security processes, you can speed up software releases and improve product security — all at the same time.