[SFD1.1: 98] Build and publish security features.
Rather than having each project team implement its own security features (e.g., authentication, role management, key management, audit/log, cryptography, protocols), the SSG provides proactive guidance by acting as a clearinghouse of security features for development groups to use. These features might be discovered during code review, created by the SSG or a specialized development team, or be part of a library provided by a vendor, such as a cloud service provider. Generic security features often have to be tailored for specific platforms. A mobile crypto feature will likely need at least two versions to cover Android and iOS, while managing identity in the cloud might require versions specific to AWS, Google, and Azure. Project teams benefit from implementations that come preapproved by the SSG, and the SSG benefits by not having to repeatedly track down the kinds of subtle errors that often creep into security features.