CISA does not endorse any commercial product or service. CISA does not attest to the suitability or effectiveness of these services and resources for any particular use case. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply their endorsement, recommendation, or favoring by CISA.
Description
xCOMPASS is a simple tool that allows developers to determine their privacy engineering requirements early in the product development lifecycle. It is a questionnaire, whose input is answers to the list of binary (i.e., yes-no) questions about the design of the application, how it is meant to be used, and what kind of data it processes. The output is a list of privacy design strategies as well as a list of personas (e.g., threat actors) that can be shared with developers to make it easier to understand the impact of the privacy engineering concerns identified by xCOMPASS.