Glossary

SABSA

Sherwood Applied Business Security Architecture (SABSA) structures security architecture across six layers—from contextual business requirements through component implementation—and six horizontal service management domains. It ensures security controls trace to business risk and operational needs rather than checklist compliance alone. SABSA integrates with enterprise architecture and solution design lifecycles.

In Practice

Larkinized LLC applies SABSA when clients need security embedded in transformation programs, not bolted on after design. Security architects collaborate with EA teams to align policy, standards, and patterns in the repository. SABSA complements NIST and ISO controls by clarifying where each control lives in the architecture stack.

Example

A SABSA contextual layer workshop defines confidentiality requirements for patient data that drive logical access patterns in the target application architecture.
