top of page
D10S_hero_bkgd_v1_2026.png
D07-cover-image2.png

D07

Threat & Vulnerability Security Engineering

About The Standard Domain 

The Threat & Vulnerability Security Engineering domain defines how organizations identify and understand threat conditions, discover and analyze vulnerabilities, and evaluate exposures across architectures, systems, platforms, and services.

It establishes the engineering foundation for threat-informed decision making, vulnerability prioritization based on risk and impact, remediation support, and validation of fixes, reducing exploitable conditions and strengthening the security posture of systems and environments.

Threat Analysis

Vulnerability Assessment

Exposure Prioritization

Remediation Support

Validation & Assurance

Why Adoption is Necessary
How The Standard Works
Associate Standards Preview

Associate Standards Coming in Q3 2026 

Detailed, implementation-level standards that support D01 will be published in Q3 2026 to help teams operationalize secure network architectures.

D10S_ISAU_shield_logo_v2_2026_transp.png
Built for Builders. Backed by Evidence.

D07 provides the architectural foundation for threat and vulnerability security engineering, designed, engineered, and proven to identify exposures, prioritize risk, support remediation, and validate that weaknesses are reduced.

Maintained by:

ISAUnited-red_trimmed.png

Training by:

new-1-blue-background_v2.png

Practitioner and Organizational Use

The Defensible 10 Standards (D10S) are published under a Creative Commons Attribution–NonCommercial 4.0 International License (CC BY-NC 4.0).


This license permits free use, adaptation, and internal implementation of the D10S by individual practitioners, educational institutions, and organizations for the purpose of research, training, architecture design, or internal security engineering.


Attribution to ISAUnited.org must be maintained in all uses, reproductions, or derivative works.

Commercial, Vendor, and Integration Use

The use, reproduction, or incorporation of the Defensible 10 Standards (D10S) or their content within commercial products, software, tooling, managed services, or for-profit offerings requires a separate commercial integration or redistribution license issued by the Institute of Security Architecture United (ISAUnited.org).


This includes but is not limited to:

  • Integration into commercial or subscription-based platforms or software tools

  • Use in vendor-branded frameworks or automated compliance products

  • Redistribution of modified or adapted versions for resale or commercial benefit

 

Requests for commercial licensing or integration agreements should be directed to:  info@isaunited.org

© 2026 The Defensible 10 Standards (D10S). Owned, operated, and maintained by the Institute of Security Architecture United (ISAUnited.org).

bottom of page