Principles are based on scientific sources.
| Name | Provide Standardized Security Policies |
| Sources | (Garfinkel, 2005) |
| Synonyms | None |
| Intent | Provide a few standardized security configurations that can be audited, documented, and taught to users. |
| Motivation | Today’s computer systems provide security policy “construction kits” that allow organizations and even end-users to custom-tailor the security policy of their computers to meet their own exacting needs. But most organizations and end-users are simply not qualified to make these decisions. The result is a proliferation of policies and configurations which have fundamentally unknown (and frequently unknowable) security properties. It is better to provide a few standardized policies that generally do not need to be customized. |
| Examples | None |
| Guidelines | Simplify Access Control Models Usable Crypto APIs |
| Tags | Conformity, Generality, General Validity |
| Log history | [02/14/2016]: Added to repository |
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.