
TA-05 Developer Security Training

Control Description

The organization's software engineers are required to complete training based on secure coding techniques on an annual basis.

Theme

People

Type

Preventive

Policy/Standard

Training & Awareness Procedure

Implementation Guidance

1. Ensure that the review of the security training material includes guidance on yearly Secure Coding Training for PCI developers and software engineers.
2. Ensure that the secure coding training was provided to and completed by the employees within the last 365 days.
3. Make sure that engineers are registered for the Security Engineering Training program as required.

Testing Procedure

1. Inspect the Security Training Material to validate that the standard provides guidance on annual Secure Coding Training for PCI developers and software engineers.
2. For a sample of employees, obtain evidence showing secure coding training completion. Validate that the date of completion is in the last 365 days.
3. Ensure that all engineers are enrolled in the Security Engineering Training program as needed.

Audit Artifacts

E-TA-02
E-TA-03

Framework Mappings

Cross-framework mappings provided by Adobe CCF Open Source under Creative Commons License.
