owaspsamm · dkefer · Mar 24, 2024 · Mar 23, 2024
diff --git a/model/practice_levels/V-AA-3.yml b/model/practice_levels/V-AA-3.yml
@@ -14,6 +14,6 @@ id: 83ea8aaab3384b41b785107613ee4d86
 
 #Objective of this particular practice level
 objective: Review the architecture effectiveness and feedback results to improve the
-  security architecture.
+  security of the architecture.
 #Type Classification of the Document
 type: PracticeLevel
diff --git a/model/security_practices/D-Security-Architecture.yml b/model/security_practices/D-Security-Architecture.yml
@@ -10,18 +10,18 @@ function: 88c296acaae841a2b2fc5314bff44cb4
 id: 4753e55e943c4d418303bf90d599c6b1
 
 #Official name of this practice
-name: Security Architecture
+name: Secure Architecture
 
 #Abbreviation of this practice
 shortName: SA
 
 #A one sentence description of the security practice
-shortDescription: The security architecture practice focuses on managing architectural
+shortDescription: The secure architecture practice focuses on managing architectural
   risks for the software solution.
 
 #A multi-paragraph description of the security practice
 longDescription: |
-  The Security Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
+  The Secure Architecture (SA) practice focuses on the security linked to components and technology you deal with during the architectural design of your software. Secure Architecture Design looks at the selection and composition of components that form the foundation of your solution, focusing on its security properties. Technology Management looks at the security of supporting technologies used during development, deployment and operations, such as development stacks and tooling, deployment tooling, and operating systems and tooling.
 
 #The relative order of this practice in the business function
 order: 3

diff --git a/model/security_practices/V-Architecture Assessment.yml b/model/security_practices/V-Architecture Assessment.yml
@@ -22,7 +22,7 @@ shortDescription: This practice focuses on validating the security and complianc
 longDescription: |
   The Architecture Assessment (AA) practice ensures that the application and infrastructure architecture adequately meets all relevant security and compliance requirements, and sufficiently mitigates identified security threats. The first stream focuses on verifying that the security and compliance requirements identified in the Policy & Compliance and Security Requirements practices are met, first in an ad-hoc manner, then more systematically for each interface in the system. The second stream reviews the architecture, first for mitigations against typical threats, then against the specific threats identified in the Threat Assessment practice.
 
-  In its more advanced form, the practice formalizes the security architecture review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Security Architecture practice to improve reference architectures.
+  In its more advanced form, the practice formalizes the architecture security review process, continuously evaluates the effectiveness of the architecture's security controls, their scalability and strategic alignment. Identified weaknesses and possible improvements are fed back to the Secure Architecture practice to improve reference architectures.
 
 #The relative order of this practice in the business function
 order: 1