The requirement "1.10 MSTG-ARCH-10 Security is addressed within all parts of the software development lifecycle." is currently a L2 requirement. Addressing security in the whole SDL process should IMO be the very basics of any requirement set or framework.
In addition, the requirement 1.12 stipulates compliancy with privacy laws and regulations already on L1. I cannot imagine how e.g. compliancy against GDPR's privacy and security by design and default can be demonstrated if security is not addressed within all parts of the SDL.
The requirement "1.10 MSTG-ARCH-10 Security is addressed within all parts of the software development lifecycle." is currently a L2 requirement. Addressing security in the whole SDL process should IMO be the very basics of any requirement set or framework.
In addition, the requirement 1.12 stipulates compliancy with privacy laws and regulations already on L1. I cannot imagine how e.g. compliancy against GDPR's privacy and security by design and default can be demonstrated if security is not addressed within all parts of the SDL.