|
Work item:
|
X.1221 (ex X.MVSC)
|
|
Subject/title:
|
Minimal viable security controls for enterprise-ready applications (MVSC)
|
|
Status:
|
Determined on 2026-06-10
|
|
Approval process:
|
TAP
|
|
Type of work item:
|
Recommendation
|
|
Version:
|
New
|
|
Equivalent number:
|
-
|
|
Timing:
|
2027-04 (Medium priority)
|
|
Liaison:
|
-
|
|
Supporting members:
|
Google Inc., Broadcom Europe Ltd.
|
|
Summary:
|
This recommendation, Minimum Viable Security Controls (MVSC), defines a baseline security level applicable to any organization developing or procuring enterprise software. The baseline encompasses business controls, secure application design, implementation, and operation. While not a replacement for comprehensive security frameworks, its simplicity allows organizations to efficiently implement these controls for vendor selection, self-assessment, SDLC, and contractual controls without heavy resource investments.
The essential application security controls and descriptions are detailed in Clause 6 of the recommendation, while Annex A provides the technical rationale, and justifications for each control.
|
|
Comment:
|
-
|
|
Reference(s):
|
|
|
Historic references:
|
|
Contact(s):
|
|
| ITU-T A.5 justification(s): |
|
|
|
|
First registration in the WP:
2025-04-16 17:00:38
|
|
Last update:
2026-06-26 15:37:55
|