Is the security implemented justified with regard to the operations carried out ?
Is each operation associated with a security requirement?
The implementation of security generates an additional environmental footprint that should be related to the critical aspect of the operation concerned, rather than being just a general practice. This segmentation of security level should have an overall benefit, and not generate additional impact costs.
Operational issues related to the project
Rule for assessing the level of compliance of the criterion
Formalized = 100 ; Planned = 75 ; Identified = 50 ; Ignored = 0 / 100
16 other criteria related to the recommendation: Use the technical components that improve the sustainable IT aspects, security and performance
Is the documentation of the functionality available to enable its reuse ?
Is the web server used asynchronous and multi-threaded ?
Has the dependency tree of the integrated components been evaluated ?
Can dependencies be reduced by using an alternative component ?
Is the user informed of a processing in progress in the background ?
Has the integration of asynchronous processing been evaluated ?
Are unused resources freed up as quickly as possible ?
Is a VM necessary as opposed to a container solution ?
Does service availability require redundancy ?
Do interactions between components benefit from caching mechanisms ?
Are the browser caches not being blocked by the framework or technology used ?
Is there a lighter framework / library that meets the functional need ?
Is an Open Source solution available for the functional need ?
Are the versions of the components used tracked and deployed ?
Is the level of logs adapted to the environment ?
Are temporary files included in the "logrotate" ?