Security Compass is making Security by Design easier than ever for software development teams with the 2023.3 release. New features now available in SD Elements 2023.3 include:
- New AI governance, large language models (LLM), Consumer IoT, Rust, and ISO 27001:2022 security content
- Scheduled user deactivation and reactivation
- SD Elements library and content improvements
- Enhanced Auditing
Developer-centric Security Content
Create an AI Governance framework based on NIST AI RMF
SD Elements has added security content to help your organization create an AI governance framework. This framework is based on the NIST AI Risk Management Framework, which provides guidance on how to govern, map, measure, and manage the usage of AI products.
The survey has a new section: “Artificial Intelligence/Machine Learning.”
When you select “AI governance tasks are in scope” and complete the survey, you will then be provided with weaknesses, countermeasures, and a report based on the NIST AI RMF.
Embed security for the OWASP Top 10 LLM Applications with ease
SD Elements now supports developer-centric recommendations for the OWASP Top Ten Large Language Models Applications.
When you select “Uses Large Language Models (LLM)” and complete the survey, you will then be provided with weaknesses and countermeasures based on the OWASP Top 10 for Large Language Model Applications.
Prevent large-scale, prevalent attacks against your IoT devices
SD Elements will be adding new countermeasures and a report for IoT: ETSI EN 303 645 to ensure your organization is aligned with this globally recognized standard for manufacturing consumer IoT devices.
When selecting a Compliance Report, you now have the option to select EN 303 645, which will generate a list of potential countermeasures and their completion status.
SD Elements now supports security content for Rust.
ISO 27001: 2013 → ISO 27001: 2022
When selecting a Compliance Report, you now have the option to select ISO 27001:2022, which will generate a list of potential countermeasures and their completion status.
Automate the user lifecycle management process
SD Elements now supports the scheduled auto-deactivation of user identities directly from the SD Elements user interface as well as reactivation of deactivated user identities that are using SSO (SAML, LDAP). To automatically deactivate and reactivate user identities:
Set the parameter and the number of days in which specific users’, or groups’, identity should be deactivated. The ability to either select specific users and/or groups will give you more granular control over your user lifecycle management workflow.
Automatically reactivating users via SSO Login can now be completed in two clicks.
Migrate Activated and Deactivated Library Content
You can now export deactivated content, set content to deactivate or activate upon import, and delete custom content upon import within SD Elements.
All content updates are now made available in Global Activity Logs, Project Activity Logs, and Countermeasure Activity Logs.
Security Compass, the Security by Design company, helps organizations who develop software save time and money and reduce cyber risks through education and by taking an automated, developer-centric approach to software threat modeling, secure development, and compliance. This approach enables software developers and security teams to:
- Understand best practices for embedding product security
- Continuously model threats at scale
- Proactively write code that significantly reduces risks and remediation costs
- Demonstrate compliance with secure software development standards more easily
- Accelerate software time to market
If you are a current SD Elements customer, please reach out to your Customer Success Manager to learn more.
If you are new to SD Elements, request a demo to learn more.