CISSP Domain 3: Security Architecture and Engineering


Technology evolves, but sound architecture endures. Domain 3: Security Architecture and Engineering is the technical core of the CISSP certification. It dives into the design principles and system-level controls that ensure secure, resilient, and trusted computing environments.

As a CISSP candidate, you’ll be expected not only to understand how systems work, but to build security into them by design. Whether it’s evaluating cryptographic protocols or assessing hardware trust anchors, Domain 3 is where theory meets applied security engineering.


Foundations of Secure Design

Security Models and Architecture Principles

Strong architectures are built on security design principles:

  • Least Privilege: Limit access to the minimum necessary.
  • Defense in Depth: Use multiple layers of security controls.
  • Fail-Safe Defaults: Deny by default unless explicitly allowed.
  • Separation of Duties: Avoid conflicts of interest and reduce fraud risk.
  • Economy of Mechanism: Keep designs simple to reduce attack surface.

Understanding formal security models helps translate principles into enforceable policy:

  • Bell-LaPadula: Focus on confidentiality (no read up, no write down).
  • Biba Model: Prioritizes integrity (no write up, no read down).
  • Clark-Wilson: Focused on commercial integrity through transaction controls.
  • Brewer-Nash (Cinderella Model): Prevents conflicts of interest (e.g., in consulting environments).
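To make the two lattice models concrete, the following is an added example (not part of the original article) that encodes the Bell-LaPadula and Biba access rules as a small reference monitor over a constructed three-level lattice; the `Level` enum, function names and sample requests are all assumptions for illustration, and an unrecognized operation is denied in line with the fail-safe default principle above.

```python
from enum import IntEnum

class Level(IntEnum):
    """Constructed three-step lattice; read as clearance/classification for
    Bell-LaPadula and as integrity level for Biba."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2

def bell_lapadula_allows(subject: Level, obj: Level, op: str) -> bool:
    """Confidentiality model: simple security property (no read up) and
    *-property (no write down)."""
    if op == "read":
        return subject >= obj      # read only at or below own clearance
    if op == "write":
        return subject <= obj      # write only at or above own clearance
    return False                   # fail-safe default: unknown operation denied

def biba_allows(subject: Level, obj: Level, op: str) -> bool:
    """Integrity model: simple integrity axiom (no read down) and
    *-integrity axiom (no write up)."""
    if op == "read":
        return subject <= obj      # read only from equal or higher integrity
    if op == "write":
        return subject >= obj      # write only to equal or lower integrity
    return False                   # fail-safe default: unknown operation denied

def reference_monitor(subject: Level, obj: Level, op: str) -> dict:
    """Evaluate one request under both models and report each verdict, so the
    opposite directions of the two lattices are visible side by side."""
    return {
        "op": op,
        "bell_lapadula": bell_lapadula_allows(subject, obj, op),
        "biba": biba_allows(subject, obj, op),
    }

if __name__ == "__main__":
    # Constructed requests: a MEDIUM subject against objects at each level.
    for obj in Level:
        for op in ("read", "write"):
            verdict = reference_monitor(Level.MEDIUM, obj, op)
            print(f"MEDIUM {op:5} {obj.name:6} -> "
                  f"BLP={'allow' if verdict['bell_lapadula'] else 'deny':5} "
                  f"Biba={'allow' if verdict['biba'] else 'deny'}")
```

Running it prints a table in which every read Bell-LaPadula allows above the subject's level Biba denies, and vice versa for writes, which is the exam point that the two models are mirror images of each other.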

Security Zones and Control Types

Architectures often define zones (e.g., DMZ, trusted/internal, restricted), each with its own control objectives. Each zone is protected by a combination of physical, technical, and administrative safeguards:

  • Perimeter firewalls, network segmentation, host-based controls
  • Access control mechanisms, monitoring, policy enforcement

Cryptography: Theory to Practice

Cryptographic Concepts

Cryptography is fundamental to secure systems. CISSP candidates must understand:

  • Symmetric encryption (e.g., AES): Fast, same key for encryption/decryption
  • Asymmetric encryption (e.g., RSA): Public/private key pairs for secure exchange
  • Hashing (e.g., SHA-256): Ensures data integrity
  • Digital signatures: Prove origin and integrity

Key management is equally important, including:

  • Key generation
  • Key distribution and storage
  • Key rotation and revocation

Common Attacks and Countermeasures

Cryptography isn’t infallible. Common threats include:

  • Brute force (mitigated by key length and entropy)
  • Birthday attacks (on hashes — mitigated by strong hash functions)
  • Man-in-the-middle attacks (prevented with certificates and mutual authentication)

Proper implementation matters more than the algorithm. A flawed integration — like poor entropy in random number generation — can undermine even strong encryption.


System Security and Trusted Computing

Hardware and System Components

Security engineering goes beyond software:

  • Trusted Platform Modules (TPMs): Secure cryptographic operations and attestation
  • Hardware Security Modules (HSMs): Isolated cryptographic processors for high assurance
  • Secure Boot: Verifies code integrity before execution

CISSP candidates must understand the chain of trust from hardware to OS and application.

Evaluating System Assurance

Key frameworks include:

  • Common Criteria (ISO/IEC 15408): International standard for product evaluation
    • EAL levels (1-7): Measure assurance from functional to formally verified
  • Security Functional Requirements (SFRs): Define what the system must enforce

Other notable standards:

  • FIPS 140-3: Cryptographic module validation
  • TCSEC (Orange Book): US DoD standard for trusted systems (legacy, but foundational)

Conclusion

Domain 3 bridges theory and implementation. It equips CISSPs to understand how systems should be architected, built, and validated to ensure confidentiality, integrity, and availability from the ground up.

For candidates, this is your deep dive into the technologies and engineering practices that secure modern infrastructure — from silicon to software.


Study Questions

  1. What is the primary security focus of the Bell-LaPadula model?
  2. How does the principle of least privilege improve security?
  3. Name three common cryptographic attacks and how to mitigate them.
  4. What is the purpose of a Trusted Platform Module (TPM)?
  5. What does an EAL level in Common Criteria represent?