
CRY-15 Software Signing

>Control Description

The organization uses a software signing infrastructure to restrict access to the organization's code signing private keys, which are used to sign only organization-authorized software builds.

Theme: Technology

Type: Preventive

Policy/Standard: Secure Development Lifecycle Policy

>Implementation Guidance

1. Ensure that a process is defined and documented for software signing.
2. Ensure that the private keys used for software signing are accessible only to a restricted set of personnel.

>Testing Procedure

1. Inspect and validate that a process is defined and documented for software signing.
2. Validate whether the private keys used for software signing are accessible only to a restricted set of personnel.
3. Validate that periodic access reviews are performed for these keys.

>Audit Artifacts

E-CRY-23
E-CRY-24

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
