16 — Application Software Security
14 safeguards in the Application Software Security control
16.1 Establish and Maintain a Secure Application Development Process
16.2 Establish and Maintain a Process to Accept and Address Software Vulnerabilities
16.3 Perform Root Cause Analysis on Security Vulnerabilities
16.4 Establish and Manage an Inventory of Third-Party Software Components
16.5 Use Up-to-Date and Trusted Third-Party Software Components
16.6 Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities
16.7 Use Standard Hardening Configuration Templates for Application Infrastructure
16.8 Separate Production and Non-Production Systems
16.9 Train Developers in Application Security Concepts and Secure Coding
16.10 Apply Secure Design Principles in Application Architectures
16.11 Leverage Vetted Modules or Services for Application Security Components
16.12 Implement Code-Level Security Checks
16.13 Conduct Application Penetration Testing
16.14 Conduct Threat Modeling