[SFD1.1: 104] Integrate and deliver security features.
Provide proactive guidance on preapproved security features for engineering groups to use rather than each group implementing its own security features. Engineering groups benefit from implementations that come preapproved, and the SSG benefits by not having to repeatedly track down the kinds of subtle errors that often creep into security features (e.g., authentication, role management, key management, logging, cryptography, protocols). These features might be discovered during SSDL activities, created by the SSG or specialized development teams, or defined in configuration templates (e.g., cloud blueprints) and delivered via mechanisms such as containers, microservices, and APIs. Generic security features often must be tailored for specific platforms. For example, each mobile and cloud platform will likely need its own means by which users are authenticated and authorized, secrets are managed, and user actions are centrally logged and monitored. It’s implementing these defined security features that generates real progress, not simply making a list of them.