>myctrl.tools
Preferences
Under active development Content is continuously updated and improved
Compare

SLC-01Service Lifecycle Workflow

>Control Description

Major software releases are subject to the Service Life Cycle, which requires acceptance via Concept Accept and Project Plan Commit phases prior to implementation.

Theme

Process

Type

Preventive

Policy/Standard

Secure Development Lifecycle Policy

>Implementation Guidance

1. Ensure there is a documented standard for organization product lifecycle and secure product lifecycle which consists requirements for acceptance via concept accept and project plan commit phases prior to implementation. 2. Ensure the standard for organization product lifecycle and secure product lifecycle are reviewed and updated as required. 3. Implement a procedure to document the acceptance via concept accept and project plan commit phases prior to implementation for each and every major release.

>Testing Procedure

1. Inspect Organization's Product Lifecycle Standard and Secure Product Lifecycle Standard to determine whether requirements for acceptance via Concept Accept and Project Plan Commit phases prior to implementation are defined. 2. Inspect documentation for a selection of major releases to determine whether it includes documentation of acceptance via Concept Accept and Project Plan Commit phases prior to implementation.

>Audit Artifacts

E-SLC-01
E-SLC-02

>Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.

NIST CSF
1

PR.IP-2

CIS Controls
3

16.1
16.2
16.10

ISO 27002:2022
4

8.25
8.27
5.8
8.28

FedRAMP Rev 5
4

SA-03
SA-04
SA-04 (01)
PL-08

PCI DSS
6

6.1
6.2
6.2.1
6.2.2
6.2.3
6.2.3.1

SOC 2
1

CC8.1

BSI C5
1

DEV-01

TX-RAMP
4

PL-8
SA-3
SA-4
SA-4(1)

Ask AI

Configure your API key to use AI features.