
PO.1.1 Identify and document all security requirements for the organization’s software development infrastructures and processes, and maintain the requirements over time.


>Control Description

Identify and document all security requirements for the organization’s software development infrastructures and processes, and maintain the requirements over time.

>Practice: PO.1

Define Security Requirements for Software Development

Ensure that security requirements for software development are known at all times so that they can be taken into account throughout the SDLC and duplication of effort can be minimized because the requirements information can be collected once and shared. This includes requirements from internal sources (e.g., the organization’s policies, business objectives, and risk management strategy) and external sources (e.g., applicable laws and regulations).

>Notional Implementation Examples

  1. Define policies for securing software development infrastructures and their components, including development endpoints, throughout the SDLC and maintaining that security.
  2. Define policies for securing software development processes throughout the SDLC and maintaining that security, including for open-source and other third-party software components utilized by software being developed.
  3. Review and update security requirements at least annually, or sooner if there are new requirements from internal or external sources, or a major security incident targeting software development infrastructure has occurred.
  4. Educate affected individuals on impending changes to requirements.

>Cross-Framework References

Mappings to related frameworks and standards from NIST SP 800-218

BSA FSS: SM.3, DE.1, IA.1, IA.2

BSIMM: CP1.1, CP1.3, SR1.1, SR2.2, SE1.2, SE2.6

EO 14028: 4e(ix)

IEC 62443: SM-7, SM-9

NIST CSF: (none listed)

OWASP ASVS: 1.1.1

OWASP MASVS: 1.10

OWASP SAMM: PC1-A, PC1-B, PC2-A

PCI SSLC: 2.1, 2.2

SAFECode FPSSD: Planning the Implementation and Deployment of Secure Development Practices

SP 800-160: 3.1.2, 3.2.1, 3.2.2, 3.3.1, 3.4.2, 3.4.3

SP 800-161: SA-1, SA-8, SA-15, SR-3

SP 800-181 (NICE): T0414, K0003, K0039, K0044, K0157, K0168, K0177, K0211, +10 more
