1. Is your system able to detect behavior outside of its intended function?
2. Does your process provide for continuous monitoring of Common Vulnerabilities and Exposures (CVEs) for the third-party components used by your system?
3. Is your system able to detect and respond to unauthorized physical access?
4. Does your system limit access to critical OS functions?
5. Have you encrypted data at rest to help protect your intellectual property from being reverse engineered?
6. Does your system verify the integrity of its configuration files prior to processing them?
7. Does your system take advantage of its hardware-driven secure boot mechanisms?
8. Does your system have a software-driven, trusted boot process that performs digital signature verification and symmetric decryption and is able to support your boot time performance?
9. Does your system separate its major functions using operating system mechanisms such as tasks, real-time processes, containers, processes, or partitions?
10. Once notified of a significant security event or breach, does your system provide for a rapid clearing of critical information?