The SABSA Attributes Taxonomy is shared in accordance with the terms of the Open Source Licence published at https://sabsa.org/open-source-licence.
All content of any material (including that accompanying this limited open source licence) made available by the Institute (as defined hereafter) (the Material) is © 2019, The SABSA Institute C.I.C (a registered community interest company in England under registration number 08439587) (the Institute).
Modelling SABSA® with ArchiMate®
This paper proposes a viable security overlay, capable of supporting the SABSA Architecture approach with the ArchiMate EA modelling language. The expected benefit of such an alignment is that ESA concepts can be incorporated into a unified EA model that is shared with other architects and reflects the reality of the enterprise’s single architecture. Security becomes an integral part of the design.
Visualisation: security models are a complex mesh of concepts and relationships that are far better suited to representation by a simple, yet expressive notation of symbolic nodes and lines than as checklists and matrices. Because diagrams are much more intuitive to create, understand, verify and review, the result is both more usable and of superior quality.
The economics of modern IT drive projects to deliver more value earlier and repeatedly on ever shorter cycles. These “Agile” approaches shift emphasis heavily towards functionality, too often to the detriment of good structure and the planning, blueprints and documentation overhead that go with it. In this world, architecture is redefined as the opposite of Agile: the decisions that need to be made correctly at the start of the project because they are difficult to change afterwards.
SABSA teaches us that security architecture is not another architectural layer but a cross-cutting concern, affecting all EA layers and, as such, is especially exposed by Agile methods. It’s not that Agile is implacably opposed to documentation – only that it should be an enabler and not a drag on the project. To this end, scaled Agile methodologies are turning towards Model-Based System Engineering (MBSE) as a means to keep the artefact set complete, up-to-date, consistent and tailored to specific stakeholder views.
By generating these artefacts as views of a single underlying model, this overhead is vastly reduced. Reliable documentation is maintained quickly and easily. Re-use becomes possible on many levels: elements, patterns and even analysis. As these models expand beyond the logical design (UML) to full system models (ArchiMate), a security overlay will enable SABSA itself to be practised lighter, faster and better adapted to the short-cycle, agile, minimum viable approach of modern projects.
In demonstrating this alignment, relatively few fundamental issues have been encountered. The most significant of these are the different concepts of an architectural Principle and the absence of the elements necessary to populate the Conceptual layer. Through stereotyped elements and the adoption of conventions for Motivation patterns, these have been resolved without breaking the grammar and while retaining a degree of elegance.