About the Project
The Defensible 10 Standards project defines the first engineering-driven cybersecurity framework, uniting architects and engineers worldwide to design security that is measurable, defensible, and resilient.
History of the Defensible 10 Standards Project
The Defensible 10 Standards (D10S) represent the first engineering-driven cybersecurity architecture framework. Each standard defines measurable technical and architectural expectations—helping practitioners design, validate, and maintain secure, resilient systems built on an engineering discipline rather than compliance checklists.
Developed and governed by the Institute of Security Architecture United (ISAUnited.org), the D10S establishes a global foundation for defensible cybersecurity design across ten major domains.
Our Purpose
Cybersecurity has long relied on policy frameworks and vendor tools rather than structured engineering. The D10S changes that paradigm by introducing standards that are actionable, testable, and verifiable, enabling architects and engineers to practice cybersecurity as a true engineering discipline.
Our goal is simple: to advance global cybersecurity maturity through clarity, discipline, and practicality—creating architectures that are measurable, auditable, and built to withstand real-world adversarial conditions.
How the Standards Are Built
Each Defensible 10 Standard is authored, peer-reviewed, and validated through ISAUnited’s formal Defensible Standards Schema Function (D-SSF). These standards are developed, authored, and submitted by architects and engineers from across the world, representing diverse disciplines in IT, cloud, cybersecurity, and software engineering. They are vetted through ISAUnited’s open technical standards process.
This collaborative model ensures that every standard reflects global expertise, technical rigor, and defensible design validated by practitioners themselves.
History of the Defensible 10 Standards Project
The Defensible 10 Standards (D10S) originated from the ISAUnited Engineering Standards Initiative, launched under Task Group 39 (TG39) in early 2024.
At the time, the initiative operated under the working title “Project Defensible” - an experimental effort to determine whether cybersecurity could be structured, documented, and validated with the same rigor as in traditional engineering disciplines.
It began as part of ISAUnited’s Phase 1-Strategy and Phase 2-Planning Cycle for technical standardization, aimed at developing measurable, defensible frameworks that unified architecture and engineering practices under a single discipline.
Task Group 39, composed of architects, engineers, and technical practitioners across IT, cloud, and cybersecurity, was tasked with answering a fundamental question:
“What would a true engineering standard for cybersecurity look like?”
Over the course of 2024, TG39 explored this through collaborative workshops, peer research, and cross-domain mapping of principles drawn from civil, systems, and mechanical engineering.
This foundational work produced the prototype structure for what would become the Defensible Standards Schema Function (D-SSF) — the submission model now used for authoring and validating all ISAUnited technical standards.
By late 2024, Project Defensible had matured into a formalized standardization effort, officially renamed the Defensible 10 Standards (D10S) to represent the ten core parent domains of cybersecurity architecture and engineering.
Under the guidance of Chief Architect Art Chavez and the ISAUnited Standards Committee, TG39’s early framework evolved into today’s global, open technical standards program — a framework written by architects and engineers, for cybersecurity engineers.
Key Milestones
-
Late 2023 - Submission for a Project and Task Group formation (Phase 1 Strategy).
-
Early 2024 - Formation of Task Group 39 (TG39) – Engineering Standards Initiative (Phase 2 Planning).
-
Mid 2024 - Launch of Project Defensible – defining measurable cybersecurity engineering models. (Phase 3 Execution)
-
Late 2024 - Development of the Defensible Standards Schema Function (D-SSF) for standard submission.
-
December 2024 - Renamed to The Defensible 10 Standards (D10S) to reflect ten parent domains.
-
March 2025 - Publication of the Defensible 10 Standards – Draft Edition, governed by ISAUnited.
-
Fall 2025 - First Open Season for public submission of sub-standards by global practitioners.
Legacy of Task Group 39 (TG39)
The legacy of Task Group 39 is one of persistence, collaboration, and engineering discipline.
Over the course of 2024, the group completed four rounds of technical volunteer rotations, bringing together practitioners from multiple disciplines—including cybersecurity, cloud, IT infrastructure, and software engineering.
The process was both challenging and rewarding, requiring the team to reconcile diverse technical perspectives into a single, coherent standards model. Through long working sessions, iterative drafts, and rigorous peer feedback, the team delivered what many thought impossible: the foundation for a defensible, measurable cybersecurity engineering framework.
Their collective effort demonstrated that when architects and engineers share a common vision, true engineering discipline can emerge—even in a field as complex and fast-moving as cybersecurity.