Domain 3: Security Architecture and Engineering

Building Systems That Hold

Domain 3 accounts for 13% of the CISSP exam. Here’s what actually matters: security architecture determines whether systems resist attack by design or require constant patching and monitoring to survive. The difference between secure and insecure systems usually isn’t the technology—it’s the architecture.

This domain covers security models, cryptography, secure design principles, and physical security. Master the concepts here, and you’ll understand why specific controls exist rather than just knowing what they do.

[Figure: Defense in Depth. Layers from the outside in: Physical Security, Network Security, Host Security, Application Security, Data.]

Security Models

Security models provide formal frameworks for implementing access control. Bell-LaPadula enforces confidentiality: a subject may not read an object above its clearance (no read up) and may not write to an object below it (no write down). Biba enforces integrity with the mirror-image rules, no read down and no write up, so low-integrity data cannot contaminate high-integrity data. Clark-Wilson focuses on integrity through well-formed transactions and separation of duties: constrained data is modified only through certified transformation procedures, and no single person both performs and certifies a transaction.

These models matter because they formalize security properties. When a system implements Bell-LaPadula, you can reason formally about whether information can flow from a higher classification to a lower one, instead of arguing case by case. When regulations require “strong integrity controls,” Clark-Wilson provides a framework that auditors recognize.
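As an added example (not code from the original page), here is a small Python implementation of the two lattice models above, so the rules can be checked against concrete labels. The Level values, compartment names and the analyst and document labels are constructed for illustration; the decision rules are the standard simple and star properties of each model.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    """Totally ordered levels (constructed). Read as sensitivity for Bell-LaPadula;
    the same ordering is read as integrity for Biba."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Label:
    """A label is a level plus a set of compartments (need-to-know categories)."""
    level: Level
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Lattice order: equal-or-higher level AND a superset of the compartments."""
        return self.level >= other.level and self.compartments >= other.compartments


def blp_allows(subject: Label, obj: Label, access: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read  : simple security property, no read up   -> subject must dominate object
    write : *-property, no write down              -> object must dominate subject
    """
    if access == "read":
        return subject.dominates(obj)
    if access == "write":
        return obj.dominates(subject)
    return False  # unknown access mode: deny (fail secure)


def biba_allows(subject: Label, obj: Label, access: str) -> bool:
    """Biba (integrity): the mirror image of Bell-LaPadula.
    read  : simple integrity property, no read down -> object must dominate subject
    write : *-integrity property, no write up       -> subject must dominate object
    """
    if access == "read":
        return obj.dominates(subject)
    if access == "write":
        return subject.dominates(obj)
    return False


# Constructed subject and objects.
ANALYST = Label(Level.SECRET, frozenset({"NUCLEAR"}))
LOW_DOC = Label(Level.CONFIDENTIAL)
HIGH_DOC = Label(Level.TOP_SECRET, frozenset({"NUCLEAR"}))
OTHER_DOC = Label(Level.SECRET, frozenset({"CRYPTO"}))  # same level, different compartment


def decision_table(subject: Label) -> dict:
    """Every (model, object, access) decision for one subject, for side-by-side comparison."""
    objs = {"low": LOW_DOC, "high": HIGH_DOC, "other": OTHER_DOC}
    return {
        (model, name, access): rule(subject, obj, access)
        for model, rule in (("blp", blp_allows), ("biba", biba_allows))
        for name, obj in objs.items()
        for access in ("read", "write")
    }


if __name__ == "__main__":
    for key, allowed in decision_table(ANALYST).items():
        print(key, "ALLOW" if allowed else "DENY")
```

The table makes the point in the text visible: under Bell-LaPadula the SECRET analyst may write up into the TOP_SECRET document, which is harmless for confidentiality but lets a lower-integrity subject alter higher-integrity data; Biba denies exactly that write. The "other" document also shows that dominance is about compartments as well as levels: same level, different compartment, so neither model allows anything.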

Cryptography Fundamentals

  • Symmetric encryption uses the same key for encryption and decryption. AES is the current standard; 3DES is legacy and should not be chosen for new designs. Fast for bulk data. Key distribution is the challenge: every pair of parties needs a shared secret delivered securely before they can talk.
  • Asymmetric encryption uses key pairs: anyone can encrypt with the public key, only the holder of the private key can decrypt. RSA and ECC are common. Slower, so in practice it protects a symmetric key (key exchange or key wrapping) rather than bulk data, which is how it solves key distribution.
  • Hashing creates fixed-length fingerprints. SHA-256 is standard; MD5 and SHA-1 are broken for collision resistance and should not be used where that matters. One-way function: the input cannot be recovered from the output, and two inputs with the same hash cannot be found in practice. Used for integrity verification. A bare hash proves nothing about origin, because anyone who can replace the data can recompute its hash; origin needs a MAC or a signature.
  • Digital signatures combine hashing and asymmetric crypto. Hash the message, sign the hash with the private key, verify with the public key. Provides authentication, integrity, and non-repudiation, because only the private key holder could have produced the signature.

[Figure: Cryptography Types. Symmetric: same key, AES, 3DES, fast. Asymmetric: key pairs, RSA, ECC, key exchange. Hashing: one-way, SHA-256, integrity. Digital signatures: hash + asymmetric = authentication + integrity + non-repudiation; sign with the private key, verify with the public key.]
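The following is an added example, not code from the original page, showing the hash-then-sign construction in the list above with textbook RSA and Python's standard library. The primes, the message and the attacker scenario are constructed for illustration. This is not a secure scheme (real deployments use 2048-bit or larger keys with a padding scheme such as RSA-PSS, or ECDSA/Ed25519, from a vetted library); it is small enough to follow by hand and it makes the roles of the two keys, and the difference between a hash check and a signature check, visible.

```python
import hashlib
import hmac

# Toy RSA key pair, constructed for illustration only. Textbook RSA with tiny primes
# and no padding is NOT secure; it is chosen so the arithmetic can be followed by hand.
P, Q = 61, 53
N = P * Q                  # 3233, the public modulus
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent
D = pow(E, -1, PHI)        # private exponent, 2753 (E * D == 1 mod PHI)

PUBLIC_KEY = (N, E)        # published; used to verify
PRIVATE_KEY = (N, D)       # held only by the signer; used to sign


def digest(message: bytes) -> int:
    """SHA-256 fingerprint of the message, reduced to fit the toy modulus.
    (A real scheme pads the full hash up to the modulus size instead of reducing it.)"""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key: tuple) -> int:
    """Hash, then raise to the private exponent: only the private key holder can do this."""
    n, d = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key: tuple) -> bool:
    """Raise the signature to the public exponent and compare with a fresh hash of the message."""
    n, e = public_key
    return pow(signature, e, n) == digest(message)


def hash_matches(message: bytes, stored_hash: bytes) -> bool:
    """Bare integrity check. Detects corruption, but says nothing about who produced the data,
    because anyone who can replace the message can recompute its hash."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), stored_hash)


def attacker_swaps_message(original_signature: int, new_message: bytes) -> dict:
    """What someone without PRIVATE_KEY can and cannot do after replacing the message."""
    recomputed_hash = hashlib.sha256(new_message).digest()  # trivial for the attacker
    return {
        "hash_check_passes": hash_matches(new_message, recomputed_hash),
        "signature_check_passes": verify(new_message, original_signature, PUBLIC_KEY),
    }


if __name__ == "__main__":
    msg = b"transfer 100 to account 42"  # constructed message
    sig = sign(msg, PRIVATE_KEY)
    print("signature", sig, "verifies:", verify(msg, sig, PUBLIC_KEY))
    print(attacker_swaps_message(sig, b"transfer 900 to account 42"))
```

The attacker scenario is the practical lesson: after swapping the message and recomputing its SHA-256, the hash check still passes, but the old signature no longer verifies and a new one cannot be produced without D. That is why integrity alone is a hash, while authentication and non-repudiation need the private key.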

Secure Design Principles

Least privilege grants only the minimum access needed for a task, and only for as long as it is needed. Defense in depth layers multiple independent controls so that one failure does not expose the asset. Fail secure means a system defaults to denial when a control fails, for example a firewall that drops all traffic when its policy engine crashes rather than passing everything; distinguish this from fail safe, where a control such as an electronic door lock releases on power loss because life safety takes priority. Separation of duties prevents a single individual from completing a sensitive transaction alone.

These principles guide architecture decisions. When designing a payment system, separation of duties means different people authorize and execute transfers. When designing network architecture, defense in depth means firewalls, IDS, and endpoint protection—not just one control.
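The payment example above, as an added Python example that is not part of the original page: a minimal transfer workflow that enforces least privilege with explicit role allow-lists, separation of duties between creator, approver and executor, and fail-secure behaviour (an unapproved transfer or an unknown role is denied, never silently allowed). The roles, permissions and user names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Set

# Constructed role allow-lists. Least privilege: a permission not listed here is never
# granted, and a role that is not listed at all grants nothing (default deny).
ROLE_PERMISSIONS = {
    "clerk":    {"transfer:create"},
    "approver": {"transfer:approve"},
    "operator": {"transfer:execute"},
    "auditor":  {"transfer:read"},
}


class PolicyViolation(Exception):
    """Raised when a control denies the action; the transfer state is left unchanged."""


@dataclass
class Transfer:
    amount: int
    created_by: str
    approved_by: Optional[str] = None
    executed_by: Optional[str] = None


def has_permission(roles: Set[str], permission: str) -> bool:
    """Explicit allow-list lookup; anything not matched falls through to deny."""
    return any(permission in ROLE_PERMISSIONS.get(role, set()) for role in roles)


def require(roles: Set[str], permission: str, user: str) -> None:
    if not has_permission(roles, permission):
        raise PolicyViolation(f"least privilege: {user} lacks {permission}")


def create_transfer(user: str, roles: Set[str], amount: int) -> Transfer:
    require(roles, "transfer:create", user)
    return Transfer(amount=amount, created_by=user)


def approve(t: Transfer, user: str, roles: Set[str]) -> Transfer:
    require(roles, "transfer:approve", user)
    if user == t.created_by:
        raise PolicyViolation("separation of duties: the creator may not approve")
    t.approved_by = user
    return t


def execute(t: Transfer, user: str, roles: Set[str]) -> Transfer:
    require(roles, "transfer:execute", user)
    if t.approved_by is None:
        # Fail secure: missing approval is a denial, not an "assume it is fine".
        raise PolicyViolation("fail secure: an unapproved transfer is never executed")
    if user in (t.created_by, t.approved_by):
        raise PolicyViolation("separation of duties: creator and approver may not execute")
    t.executed_by = user
    return t


def attempt(action, *args) -> Optional[str]:
    """Run one workflow step; return the denial reason, or None if it was allowed."""
    try:
        action(*args)
        return None
    except PolicyViolation as exc:
        return str(exc)


if __name__ == "__main__":
    t = create_transfer("alice", {"clerk"}, 100)
    print(attempt(approve, t, "alice", {"clerk", "approver"}))   # denied: SoD
    print(attempt(execute, t, "carol", {"operator"}))            # denied: not approved
    print(attempt(approve, t, "bob", {"approver"}))              # None: allowed
    print(attempt(execute, t, "dave", {"superuser"}))            # denied: unknown role
    print(attempt(execute, t, "carol", {"operator"}), t)         # None: allowed
```

Note that a user holding both the clerk and approver roles is still blocked from approving their own transfer: separation of duties is enforced on the transaction, not only on role assignment, which is what an auditor will look for.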

Site and Facility Security

Physical security protects facilities, equipment, and people. Layers include perimeter controls (fences, lighting), building controls (access systems, guards), and internal controls (locked rooms, safes). Environmental controls address fire, flood, temperature, and humidity.

CPTED (Crime Prevention Through Environmental Design) uses architecture to deter crime through natural surveillance, access control, and territorial reinforcement. A well-lit parking lot with clear sightlines provides natural surveillance. Landscaping that channels visitors to reception provides natural access control.

[Figure: Physical Security Layers. Perimeter: fences, gates, lighting, guards. Building: access control, cameras, alarms. Interior: locked rooms, biometrics, mantraps. Data center: racks, safes, HVAC, fire suppression.]

System Security Components

TPMs (Trusted Platform Modules) are low-cost chips or firmware components that provide hardware-based security functions: secure key storage, a random number generator, and platform integrity verification through measured boot, where each boot component is hashed into Platform Configuration Registers (PCRs) before it runs so that a remote party can later check what the machine actually booted. Hardware Security Modules (HSMs) are tamper-resistant appliances or cards that perform cryptographic operations with keys that never leave the device; they offer higher assurance and throughput than a TPM and are typically validated to higher FIPS 140 levels, which is why enterprise certificate authorities and payment systems use them.
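As an added example, not code from the original page or any TPM vendor, here is the measured-boot mechanism in Python: the PCR extend rule used by a TPM 2.0 SHA-256 bank (new = SHA-256(old || measurement), starting from an all-zero register), an event log, and the verifier-side replay that remote attestation relies on. The boot components and their contents are constructed; the signed quote a real TPM produces with its attestation key is omitted, so this shows only the integrity-of-the-chain logic.

```python
import hashlib

PCR_BYTES = 32  # one register in the SHA-256 bank


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend for a SHA-256 bank: new = SHA256(old || measurement).
    The hash is one-way, so no later extend can return the register to an earlier value,
    and the final value depends on every measurement and on their order."""
    return hashlib.sha256(pcr + measurement).digest()


def measure(component: bytes) -> bytes:
    """The measurement of a boot component is the hash of its contents."""
    return hashlib.sha256(component).digest()


def measured_boot(components):
    """Simulate the boot chain: each stage measures the next into PCR0 before running it
    and records what it measured in the event log. PCRs reset to all zeros at power-on."""
    pcr = bytes(PCR_BYTES)
    event_log = []
    for name, content in components:
        m = measure(content)
        event_log.append((name, m))
        pcr = pcr_extend(pcr, m)
    return pcr, event_log


def replay(event_log) -> bytes:
    """Verifier side: recompute the PCR from the event log it was sent."""
    pcr = bytes(PCR_BYTES)
    for _, m in event_log:
        pcr = pcr_extend(pcr, m)
    return pcr


def attest(quoted_pcr: bytes, event_log, golden_pcr: bytes) -> bool:
    """Remote attestation decision: the log must reproduce the quoted PCR (the log is honest)
    and the quoted PCR must equal the known-good value (the expected code was booted).
    A real quote is also signed by the TPM's attestation key; that check is omitted here."""
    return replay(event_log) == quoted_pcr and quoted_pcr == golden_pcr


# Constructed boot chain and the golden value recorded from a trusted reference boot.
GOOD_CHAIN = [("firmware", b"uefi v1.2"), ("bootloader", b"shim+grub"), ("kernel", b"vmlinuz-6.1")]
GOLDEN_PCR0, GOOD_LOG = measured_boot(GOOD_CHAIN)


def scenarios() -> dict:
    """Outcomes a verifier would see for a clean boot and for three kinds of tampering."""
    good_pcr, good_log = measured_boot(GOOD_CHAIN)
    bad_pcr, bad_log = measured_boot(GOOD_CHAIN[:2] + [("kernel", b"vmlinuz-6.1-rootkit")])
    swapped_pcr, swapped_log = measured_boot([GOOD_CHAIN[1], GOOD_CHAIN[0], GOOD_CHAIN[2]])
    return {
        "clean_boot": attest(good_pcr, good_log, GOLDEN_PCR0),
        "tampered_kernel": attest(bad_pcr, bad_log, GOLDEN_PCR0),
        "reordered_chain": attest(swapped_pcr, swapped_log, GOLDEN_PCR0),
        # Attacker sends the clean log with the tampered platform's PCR: replay exposes it.
        "tampered_kernel_clean_log": attest(bad_pcr, good_log, GOLDEN_PCR0),
        "pcr_values_differ": bad_pcr != good_pcr and swapped_pcr != good_pcr,
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:28s} {ok}")
```

The practical point is in the last scenario: the event log is untrusted data sent by the machine being attested, and it is only believable because replaying it must land on the PCR value the TPM itself holds. Change one component, or the order of components, and no sequence of further extends can repair the register.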

Virtualization and containers create isolation between workloads but introduce new attack surfaces. A vulnerability in the hypervisor affects every VM it hosts, and a container escape gives the attacker the shared host kernel and with it every other container on that host. Security architecture must address these shared-infrastructure risks, for example by not co-locating workloads of very different sensitivity on the same host.

Connecting to Other Domains

Domain 3 provides the architectural foundation that other domains implement. Domain 4 applies defense in depth to network design. Domain 5 implements access control models. Domain 8 builds secure software using these principles.

The practice questions test understanding of when to apply which model or principle. Know why Bell-LaPadula suits military systems while Clark-Wilson fits financial applications.

Security architecture determines whether systems resist attack by design. Technical controls fail when architecture is flawed. Master these concepts, and you’ll know not just what controls to implement but why they work.

Elias Ward
Elias is a deep coding specialist who has spent most of his career working in places most people never hear about. Starting with a background in secure systems and backend development, he eventually moved into roles that required quiet precision and the ability to build or fix technology in environments where reliability mattered more than recognition.
