Cybersecurity controls are selected and implemented to meet cybersecurity requirements
Context and Guidance: The cybersecurity architecture includes design decisions—tactics—to implement cybersecurity requirements defined in ARCHITECTURE-1f. For example, confidentiality—the requirement not to disclose sensitive information to unauthorised parties—may be realised by a control that ensures no credit card information is retained by a web-based user interface after a payment transaction has completed. As another example, confidentiality and integrity may be addressed by placing additional encryption controls on external connections such as cellular, satellite, or city fiber provided by an external entity. Selected controls are documented in the cybersecurity architecture.
Related Practices
• Input From: Implementing ARCHITECTURE-1f provides input that may be useful for implementing this practice.