
6.2.2 Software development personnel working on bespoke and custom software are trained at least once every 12 months as follows: On software security relevant to their job function and development languages.

Requirement Description

Software development personnel working on bespoke and custom software are trained at least once every 12 months as follows:

- On software security relevant to their job function and development languages.
- Including secure software design and secure coding techniques.
- Including, if security testing tools are used, how to use the tools for detecting vulnerabilities in software.

Applicability Notes: This requirement for code reviews applies to all bespoke and custom software (both internal and public facing), as part of the system development lifecycle. Public-facing web applications are also subject to additional controls, to address ongoing threats and vulnerabilities after implementation, as defined at PCI DSS Requirement 6.4. Code reviews may be performed using either manual or automated processes, or a combination of both.

Cross-Framework Mappings
