This repository has been archived on 2026-07-08. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
infospace-bench/infospaces/patterns-of-it-securita-architecture/artifacts/entities/security-readiness-levels.md

52 lines
2.3 KiB
Markdown

# Security Readiness Levels
Status: initial readiness model extracted from the genesis exploration
## Purpose
Readiness levels make the catalog operational. They define how strong a
capability or pattern must be before it is trusted for a given deployment
stage.
## Levels
| Level | Name | Suitable for | Minimum expectations |
| --- | --- | --- | --- |
| RL0 | Experimental | local prototypes | no production data, no external users, no real secrets in code |
| RL1 | Internal alpha | internal use | central login preferred, basic access control, secrets not committed, known risks documented |
| RL2 | Private beta | selected external users | tenant model defined, isolation tested, backups configured, security logging centralized |
| RL3 | Production | paid customers | MFA for privileged users, least privilege, secrets rotation, auditable admin actions, restore tested |
| RL4 | Regulated production | high-trust or regulated customers | formal risk management, customer audit logs, artifact provenance, stronger data residency and deletion controls |
## Pattern Maturity
Pattern maturity is related to readiness, but not identical:
```text
seed -> draft -> reviewed -> canonical -> deprecated
```
- `seed`: captured from exploration, source notes, or external reading.
- `draft`: written in the pattern template with initial mapping.
- `reviewed`: checked for threat model, ownership, and verification.
- `canonical`: accepted as the recommended NetKingdom pattern.
- `deprecated`: retained for history but no longer recommended.
## Evidence By Level
| Evidence | RL1 | RL2 | RL3 | RL4 |
| --- | --- | --- | --- | --- |
| owner named | required | required | required | required |
| threat notes | useful | required | required | required |
| verification checklist | useful | required | required | required |
| operational runbook | optional | useful | required | required |
| audit hooks | optional | useful | required | required |
| restore or failure drill | optional | useful | required | required |
| standards mapping | optional | useful | useful | required |
## NetKingdom Default
Patterns that touch identity, authorization, secrets, tenant isolation,
or privileged access should not be marked canonical below RL3 unless
their production limitations are explicitly documented.