SA-15—Development Process, Standards, And Tools
PBMM (P3)
Secret (P3)
>Control Description
(A) The organization requires the developer of the information system, system component, or information system service to follow a documented development process that:
(a) Explicitly addresses security requirements;
(b) Identifies the standards and tools used in the development process;
(c) Documents the specific tool options and tool configurations used in the development process; and
(d) Documents, manages, and ensures the integrity of changes to the process and/or tools used in development.
(B) The organization reviews the development process, standards, tools, and tool options/configurations [Assignment: organization-defined frequency] to determine if the process, standards, tools, and tool options/configurations selected and employed can satisfy [Assignment: organization-defined security requirements].
>Supplemental Guidance
Development tools include, for example, programming languages and computer-aided design (CAD) systems. Reviews of development processes can include, for example, the use of maturity models to determine the potential effectiveness of such processes. Maintaining the integrity of changes to tools and processes enables accurate supply chain risk assessment and mitigation, and requires robust configuration control throughout the life cycle (including design, development, transport, delivery, integration, and maintenance) to track authorized changes and prevent unauthorized changes.
Related controls: SA-3, SA-8.
>Tailoring Guidance
Apply to custom developed systems or components.