
The Secure Code Alliance Body of Knowledge (SCA BoK) contains the background information needed to pass the Certified SCA Practitioner (CSCAP) knowledge exam. The download link is: https://content.securecodealliance.com/SCA-BoK.pdf
About The CSCAA
CSCAAs are expected to:
(1) Define the security architecture(s) the organization will follow for application development processes.
(2) Define application development considerations for the organization’s risk management practices across the entire Software/System Development Life Cycle (SDLC).
(3) Publish rules for the organization’s application development processes for development, testing, staging, and production environments.
(4) Develop conformity assessment practices for the organization to follow in order to demonstrate alignment with stated Secure Software Development Practices.
(5) Ensure that information security and privacy principles are an integral part of Secure Software Development Practices (SSDP) across the entire SDLC.
(6) Ensure security & privacy-related measures are included in the requirements for new systems or enhancements to existing systems.
(7) Ensure application development practices (internal and external) adhere to industry-recognized secure coding practices.
(8) Develop Software Bill of Materials (SBOM) documentation for application development projects.
(9) Oversee changes to Applications, Services and Processes (ASP) across the SDLC using formal change control procedures.
(10) Oversee application security testing practices.
(11) Implement the SSDP concepts and techniques for all High-Value Assets (HVA):
- New Systems;
- Dedicated or Special-Purpose Systems;
- System of Systems;
- System Modifications;
- System Evolution; and
- System Retirement.