[SR3.4: 19] Create standards for technology stacks.
The organization standardizes on the use of specific technology stacks. This translates into a reduced workload because teams don’t have to explore new technology risks for every new project. The organization might create a secure base configuration (commonly in the form of golden images, Terraform definitions, etc.) for each technology stack, further reducing the amount of work required to use the stack safely. In cloud environments, hardened configurations likely include up-to-date security patches, security configuration, and security services, such as logging and monitoring. In traditional on- premises IT deployments, a stack might include an operating system, a database, an application server, and a runtime environment (e.g., a LAMP stack). Standards for secure use of reusable technologies, such as containers, microservices, or orchestration code, means that getting security right in one place positively impacts the security posture of all downstream efforts (see [SE2.5]).