Skip to content
/ mvsp Public
forked from vendorsec/mvsp

Minimum Viable Secure Product Stacc fork

License

Notifications You must be signed in to change notification settings

stacc/mvsp

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Minimum Viable Secure Product

MVSP is a minimum security baseline for enterprise-ready products and services. The baseline checklist is focused on application security controls, and can be used at various stages of the sales cycle, from RFP through to contractual controls.

The best way to read about MVSP is to visit mvsp.dev.

How to use it

Requests for proposals

Universal baseline for vendor selection simplifies the jobs of the sourcing teams. MVSP is short and concise to be included into RFP documents without bloating them.

Self-assessment

Smaller companies that are not mature enough to afford large compliance efforts such as SOC 2 or PCI DSS use MVSP as the baseline for the security posture of their MVP.

Third-party security

Larger companies attempting to triage their vendors' security posture incorporate MVSP as their universal questionnaire.

Including it into your standard agreements

By including the MVSP in your standard agreements, it is possible to align on a set of baseline contractual controls that matches those shared at the point of RFP. This can greatly help to ensure that requirements are communicated clearly up front, and reduces last minute surprises.

Complying with it as vendor

As a vendor you may be asked if you are able to comply with the MVSP baseline. Alongside the checklist, you can find more information about the controls and why these are important in the Controls FAQ.

Contributing

MVSP is designed to be simple, understandable and minimalistic. It must be considered that the goal is not to become another complex standard. Before sending a PULL request contributors should always ask themselves the question: Could I consider a vendor secure if they did not comply with the control I am adding? If the answer is yes, then the control should not be there.

For more information, see Contributing

License

MVSP and its translations are public domain under CC0 1.0 Universal license.

About

Minimum Viable Secure Product Stacc fork

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • CSS 56.1%
  • HTML 25.4%
  • Nunjucks 14.8%
  • JavaScript 3.7%