CIS Control 16.10: Apply Secure Design Principles in Application Architectures
Secure application architecture isn't an afterthought—it's the foundation of risk reduction. CIS Control 16.10 requires you to embed security principles like least privilege and continuous verification into how you design and segment your applications. This control directly reduces your attack surface and prevents unauthorized operations before they happen.
What this means
This control mandates applying core secure design principles—primarily least privilege (giving users only the minimum access needed) and enforcing mediation (validating every user operation without exception). The 'never trust, always verify' philosophy means treating every request as potentially hostile. Operationally, this includes segmenting application functions across separate servers, limiting network accessibility, and ensuring that no single component has unnecessary access to other systems or data.
How to comply
- 1.Document your secure design principles and ensure they're embedded in your architecture before deployment
- 2.Implement least privilege across all application functions—users and services should access only what's required for their role
- 3.Deploy mediation controls (e.g., API gateways, authorization layers) that validate and log every user operation
- 4.Segment application functions onto separate servers or containers to minimize cross-service exposure
- 5.Reduce network-accessible surface area by disabling unused ports, services, and features
- 6.Conduct design reviews to identify and eliminate trust assumptions between application components
- 7.Monitor and audit all mediation points to ensure policies are enforced in practice
Evidence auditors look for
- Application architecture diagrams showing segmented functions and trust boundaries
- Role-based access control (RBAC) or attribute-based access control (ABAC) policies enforced in code
- API gateway or service mesh configurations validating requests before forwarding
- Server/container inventory showing functional separation and minimal network exposure
- Security design documentation outlining least privilege and mediation strategies
- Audit logs demonstrating authorization checks on every user-initiated operation
- Code review records confirming secure design principles are implemented
Frequently asked questions
When will FAQs be available?
The FAQ for this control is currently being prepared.
GRCWatch helps you document and enforce secure design principles by automating the tracking of application architecture reviews, mediation policies, and least privilege configurations—eliminating manual audits of design controls.
See how GRCWatch handles this control automatically
Start free trial