The SABSA Security Architecture Assessment tool provides comprehensive evaluation of enterprise security architecture maturity using the industry-standard Sherwood Applied Business Security Architecture (SABSA) framework. Designed for security architects, enterprise security leaders, and governance professionals, this platform delivers detailed assessments across multiple architectural layers and dimensions.
This tool enables organizations to measure their security architecture maturity, identify capability gaps, and establish roadmaps for security program enhancement. By analyzing organizational assets, processes, people, locations, motivations, and temporal factors across SABSA layers, the assessment provides actionable insights aligned with business objectives and compliance requirements.
Ideal users include Chief Information Security Officers (CISOs), security architects, enterprise risk managers, compliance officers, and organizations seeking structured approaches to security architecture governance and maturity benchmarking.
{
"sessionId": "session-2024-001-abc",
"userId": 12345,
"timestamp": "2024-01-15T10:30:00Z",
"assessmentData": {
"sessionId": "session-2024-001-abc",
"timestamp": "2024-01-15T10:30:00Z",
"layers": {
"contextual": {
"assets": [
{
"name": "Customer Data Repository",
"classification": "Confidential",
"value": "Critical"
}
],
"motivation": [
{
"objective": "Data Protection",
"priority": "High"
}
],
"process": [
{
"name": "Data Encryption Process",
"status": "Implemented"
}
],
"people": [
{
"role": "Data Steward",
"count": 5,
"trained": true
}
],
"location": [
{
"datacenter": "Primary US East",
"compliance": "SOC 2"
}
],
"time": [
{
"phase": "Operational",
"duration": "24/7"
}
]
},
"conceptual": {
"assets": [],
"motivation": [],
"process": [],
"people": [],
"location": [],
"time": []
}
}
}
}
{
"status": "success",
"sessionId": "session-2024-001-abc",
"assessmentId": "assess-2024-001-xyz",
"timestamp": "2024-01-15T10:30:45Z",
"maturityScores": {
"contextual": {
"overall": 3.2,
"assets": 3.5,
"motivation": 3.0,
"process": 3.1,
"people": 2.8,
"location": 3.3,
"time": 3.0
},
"conceptual": {
"overall": 2.1,
"assets": 2.0,
"motivation": 2.2,
"process": 2.1,
"people": 2.0,
"location": 2.0,
"time": 2.0
}
},
"recommendations": [
{
"layer": "contextual",
"dimension": "people",
"finding": "Security awareness training coverage at 80%",
"priority": "High",
"action": "Expand training program to achieve 100% coverage"
}
],
"gaps": [
{
"layer": "conceptual",
"dimension": "process",
"gap": "Absence of formal security architecture review process",
"impact": "Medium"
}
]
}
Health check endpoint for service availability verification.
Method: GET
Path: /
Description: Returns service status and availability confirmation.
Parameters: None
Response:
application/json{}Generate a comprehensive SABSA security architecture assessment based on provided organizational data.
Method: POST
Path: /api/sabsa/assessment
Description: Generates detailed maturity assessment across SABSA framework layers and dimensions.
Request Body Parameters:
| Name | Type | Required | Description | |
|---|---|---|---|---|
| ------ | ------ | ---------- | ------------- | |
sessionId | string | Yes | Unique identifier for the assessment session | |
userId | integer \ | null | No | User identifier for audit and tracking purposes |
timestamp | string | Yes | ISO 8601 timestamp of assessment initiation | |
assessmentData | object | Yes | Core assessment data containing layer evaluations | |
assessmentData.sessionId | string | Yes | Session identifier matching parent sessionId | |
assessmentData.timestamp | string | Yes | Assessment timestamp (ISO 8601 format) | |
assessmentData.layers | object | Yes | Multi-dimensional layer data (keys: layer names, values: LayerData objects) | |
assessmentData.layers[layer].assets | array | No | Asset inventory objects (default: empty array) | |
assessmentData.layers[layer].motivation | array | No | Business motivation and objectives objects (default: empty array) | |
assessmentData.layers[layer].process | array | No | Process and procedure objects (default: empty array) | |
assessmentData.layers[layer].people | array | No | Personnel and role objects (default: empty array) | |
assessmentData.layers[layer].location | array | No | Geographic and physical location objects (default: empty array) | |
assessmentData.layers[layer].time | array | No | Temporal and lifecycle phase objects (default: empty array) |
Response:
application/jsonapplication/jsonRetrieve SABSA framework reference information and structure.
Method: GET
Path: /api/sabsa/framework
Description: Returns framework definitions, layer descriptions, dimensions, and architectural principles.
Parameters: None
Response:
application/jsonRetrieve maturity level definitions and progression criteria.
Method: GET
Path: /api/sabsa/maturity-levels
Description: Returns maturity level scale, definitions, characteristics, and assessment criteria.
Parameters: None
Response:
application/json| Plan | Calls/Day | Calls/Month | Price |
|---|---|---|---|
| ------ | ----------- | ------------- | ------- |
| Free | 5 | 50 | Free |
| Developer | 20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
共 1 个版本