PO — Prepare the Organization
17 practices in the Prepare the Organization group
PO.1Define Security Requirements for Software Development
PO.1.1Identify and Document Infrastructure Security Requirements
PO.1.2Identify and Document Software Security Requirements
PO.2Implement Roles and Responsibilities for Secure Development
PO.2.1Create and Maintain SDLC Roles and Responsibilities
PO.2.2Provide Role-Based Secure Development Training
PO.2.3Obtain Management Commitment to Secure Development
PO.3Implement Supporting Toolchains
PO.3.1Specify Toolchain Requirements
PO.3.2Securely Deploy and Maintain Tools
PO.3.3Configure Tools for Artifact Generation
PO.4Define Criteria for Software Security Checks
PO.4.1Define and Track Security Check Criteria
PO.4.2Implement Processes to Support Security Criteria
PO.5Protect Development Environments
PO.5.1Separate and Protect Development Environments
PO.5.2Secure and Harden Development Endpoints