Checklist

The checklist for the capture of requirements is as follows:

  • Are the requirements for data integrity identified?
  • Are the sensitive resources in the application identified?
  • Are the sets of principals for accessing the resources identified?
  • Is a security policy of an application established, including entities, actions, resources and information integrity needs?
  • Has a threat model been produced to identify the security risks?
  • Are the stakeholders apprised, through example scenarios, so that they understand the security policy and the security risk?
  • Is the security policy kept simple?
  • Are security requirements reviewed with security SMEs?

The checklist for architecture definition is:

  • Has each identified threat been addressed to the level desired/required?
  • Have you leveraged as much third-party security technology as possible?
  • Has an integrated end-to-end architecture for security been produced?
  • Have all the security principles been considered when designing the infrastructure?
  • Have you established how the security breaches will be detected and the protocol to recover from breaches?
  • Are the results of the security standpoint applied to all the affected views?
  • Have SMEs reviewed the security solution?