Third-Party Resources
Third-Party Resources
NIST, TOGAF, IEEE, and other industry standards and frameworks
Third-party resources provide industry-recognized standards, frameworks, and best practices that complement the Netspective Unified Process. These resources help ensure alignment with established methodologies and regulatory requirements.
Resource Categories
┌─────────────────────────────────────────────────────────────────────────────┐
│ THIRD-PARTY RESOURCES │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ SECURITY & COMPLIANCE │
│ NIST Frameworks, OWASP, CIS Benchmarks │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ ARCHITECTURE FRAMEWORKS │
│ TOGAF, Zachman, C4 Model │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ ENGINEERING STANDARDS │
│ IEEE, ISO, IEC Standards │
└─────────────────────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────┐
│ ENGINEERING PLAYBOOKS │
│ Microsoft, Google, Industry Best Practices │
└─────────────────────────────────────────────────────────────────────────────┘Available Resources
| Resource | Category | Use Case |
|---|---|---|
| NIST Resources | Security & Compliance | Risk management, cybersecurity |
| TOGAF Resources | Architecture | Enterprise architecture |
| IEEE Standards | Engineering | Software engineering standards |
Key Industry Standards
Security Standards
| Standard | Publisher | Focus |
|---|---|---|
| NIST Cybersecurity Framework | NIST | Risk management |
| NIST 800-53 | NIST | Security controls |
| ISO 27001 | ISO | Information security |
| OWASP Top 10 | OWASP | Web application security |
| CIS Benchmarks | CIS | System hardening |
Software Engineering Standards
| Standard | Publisher | Focus |
|---|---|---|
| IEEE 730 | IEEE | Software quality assurance |
| IEEE 829 | IEEE | Software test documentation |
| IEEE 1012 | IEEE | Software verification & validation |
| ISO/IEC 12207 | ISO/IEC | Software lifecycle processes |
| IEC 62304 | IEC | Medical device software |
Architecture Frameworks
| Framework | Publisher | Focus |
|---|---|---|
| TOGAF | The Open Group | Enterprise architecture |
| Zachman | Zachman International | Architecture taxonomy |
| C4 Model | Simon Brown | Software architecture diagrams |
| ArchiMate | The Open Group | Architecture modeling |
Microsoft Engineering Playbook
The Microsoft Engineering Playbook provides modern engineering best practices that align with NUP principles.
Key Resources
| Topic | Description | Link |
|---|---|---|
| Agile Development | Sprint practices, ceremonies | View |
| Code Reviews | Review process and checklists | View |
| Automated Testing | Testing strategies | View |
| CI/CD | Pipeline practices | View |
| Design | Design reviews, patterns | View |
| Documentation | Documentation standards | View |
| Security | Security practices | View |
| Observability | Monitoring, logging | View |
Regulatory Resources
FDA Guidance
| Document | Purpose |
|---|---|
| General Principles of Software Validation | Software validation guidance |
| Software as Medical Device | SaMD classification |
| 21 CFR Part 11 | Electronic records |
HIPAA Resources
| Resource | Purpose |
|---|---|
| HIPAA Security Rule | Security requirements |
| HIPAA Privacy Rule | Privacy requirements |
| HHS Guidance | Implementation guidance |
FedRAMP Resources
| Resource | Purpose |
|---|---|
| FedRAMP.gov | Program overview |
| FedRAMP Marketplace | Authorized providers |
| FedRAMP Documents | Templates and guidance |
How to Use These Resources
Integration with NUP
┌─────────────────────────────────────────────────────────────────────────────┐
│ RESOURCE INTEGRATION MODEL │
└─────────────────────────────────────────────────────────────────────────────┘
NUP Phases & Disciplines
│
▼
┌─────────────────┐
│ Map to │
│ Standards │────▶ Select applicable standards
└────────┬────────┘ (NIST, IEEE, ISO, etc.)
│
▼
┌─────────────────┐
│ Adopt │
│ Practices │────▶ Integrate best practices
└────────┬────────┘ (MS Playbook, OWASP)
│
▼
┌─────────────────┐
│ Generate │
│ Evidence │────▶ Document compliance
└─────────────────┘ (audits, certifications)Selection Criteria
Choose resources based on:
- Regulatory Requirements - What compliance is needed?
- Industry Context - Healthcare, finance, government?
- Project Scope - Enterprise-wide or single application?
- Team Expertise - What does the team already know?
Related Resources
- NIST Resources
- TOGAF Resources
- IEEE Standards
- Security
- Guidelines
- Microsoft Engineering Playbook
- FDA General Principles of Software Validation
- FDA Software as Medical Device
- 21 CFR Part 11
- HHS HIPAA Resources
- FedRAMP
Compliance
This section fulfills ISO 13485 requirements for regulatory requirements (4.1.1), external documentation (4.2.3), and standards compliance (4.1), and ISO 27001 requirements for compliance with legal requirements (A.5.31), external references (A.5.37), and information security policies (A.5.1).
How is this guide?
Last updated on