Committed to connecting the world

  •  

ITU-T work programme

[2025-2028] : [SG17] : [Q4/17]

[Declared patent(s)]  - [Associated work]

Work item: X.1221 (ex X.MVSC)
Subject/title: Minimal viable security controls for enterprise-ready applications (MVSC)
Status: Determined on 2026-06-10 
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2027-04 (Medium priority)
Liaison: -
Supporting members: Google Inc., Broadcom Europe Ltd.
Summary: This recommendation, Minimum Viable Security Controls (MVSC), defines a baseline security level applicable to any organization developing or procuring enterprise software. The baseline encompasses business controls, secure application design, implementation, and operation. While not a replacement for comprehensive security frameworks, its simplicity allows organizations to efficiently implement these controls for vendor selection, self-assessment, SDLC, and contractual controls without heavy resource investments. The essential application security controls and descriptions are detailed in Clause 6 of the recommendation, while Annex A provides the technical rationale, and justifications for each control.
Comment: -
Reference(s):
  Historic references:
Contact(s):
ITU-T A.5 justification(s):
Generate A.5 drat TD
-
[Submit new A.5 justification ]
See guidelines for creating & submitting ITU-T A.5 justifications
First registration in the WP: 2025-04-16 17:00:38
Last update: 2026-06-26 15:37:55