Releasing Version 1.2 of CSAP Parts 1 to 3

Today we are releasing updates to the following parts of the Common Security Architecture for Production (CSAP):

  • CSAP Part 1: Architecture (v1.2)
  • CSAP Part 2: Interfaces (v1.2)
  • CSAP Part 3: Security Levels (v1.2)

These new versions come in response to comments from those organizations actively implementing CSAP in their workflows and systems. You talked, we listened!

We have changed how the architecture of the core security components is described and redistributed some of the functions.

We have also changed the term “Authorization Policy” (formerly known as “Dynamic Security Policy”) to “Authorization Rule.” In the revised CSAP architecture, the Policy Manager is collapsed into the Authorization Service, and all the steps of Authorization Rule creation, including the validation against global security policies (those that come from, for example, an enterprise level and include the current security stance), happen within the Authorization Service. The Authorization Rules are then sent to the Authorization Rules Distribution Service, which manages distribution to the Policy Enforcement Points.

A CSAP policy is a statement defining what is authorized or what must be denied. A CSAP rule describes a policy in a form understandable by the policy enforcement point to which it is directed. A policy template is the means to convert a policy into a rule and is often specific to the technology of the policy enforcement point.
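The flow described above, sketched as an added example that is not taken from the CSAP documents: a policy is validated against a global security policy, converted into rules by per-technology templates, and distributed to enforcement points. All class names, fields, rule formats and the sample global policy are assumptions made for illustration.

```python
from dataclasses import dataclass
import json

# Illustrative model only: every class, field and rule format here is an
# assumption made for this example, not something CSAP specifies.

@dataclass(frozen=True)
class Policy:
    effect: str       # "allow" or "deny"
    participant: str
    action: str       # "read" or "write"
    asset: str

# Constructed global security policy: (participant, action, asset prefix)
# grants that the current security stance forbids.
GLOBAL_FORBIDDEN = [("*", "write", "/masters/")]

def violates_global(p: Policy) -> bool:
    return p.effect == "allow" and any(
        who in ("*", p.participant) and act == p.action and p.asset.startswith(prefix)
        for who, act, prefix in GLOBAL_FORBIDDEN)

# Policy templates: one per (hypothetical) enforcement point technology.
def acl_template(p: Policy) -> str:
    # A deny maps to an empty permission set for that participant.
    perms = {"read": "r--", "write": "rw-"}[p.action] if p.effect == "allow" else "---"
    return f"u:{p.participant}:{perms} {p.asset}"

def json_template(p: Policy) -> str:
    return json.dumps({"effect": p.effect, "principal": p.participant,
                       "actions": [p.action], "resource": p.asset}, sort_keys=True)

TEMPLATES = {"posix-acl": acl_template, "json-api": json_template}

class AuthorizationService:
    """Creates rules: validates against global policy, then applies templates."""
    def create_rules(self, p: Policy, pep_types):
        if p.effect not in ("allow", "deny") or p.action not in ("read", "write"):
            raise ValueError("malformed policy")
        if violates_global(p):
            raise PermissionError("policy conflicts with global security policy")
        return {t: TEMPLATES[t](p) for t in pep_types}  # unknown type raises KeyError

class RulesDistributionService:
    """Delivers each rule only to enforcement points of the matching technology."""
    def __init__(self, peps):          # peps: {pep_name: technology}
        self.peps, self.delivered = peps, {name: [] for name in peps}
    def distribute(self, rules):
        for name, tech in self.peps.items():
            if tech in rules:
                self.delivered[name].append(rules[tech])
        return self.delivered
```

A policy that fails global validation never becomes a rule, so nothing reaches the distribution step for it.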



